[
https://issues.apache.org/jira/browse/HBASE-15145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15109849#comment-15109849
]
Enis Soztutar commented on HBASE-15145:
---------------------------------------
According to
https://hbase.apache.org/book.html#_external_zookeeper_configuration, typically
{{hbase-env.sh}} will have:
{code}
export HBASE_OPTS="$HBASE_OPTS -XX:+UseConcMarkSweepGC
-XX:ErrorFile=/var/log/hbase/hs_err_pid%p.log
-Djava.security.auth.login.config=/usr/hdp/current/hbase-client/conf/hbase_client_jaas.conf"
export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Xmx1024m
-Djava.security.auth.login.config=/usr/hdp/current/hbase-regionserver/conf/hbase_master_jaas.conf
$JDK_DEPENDED_OPTS"
{code}
I think we can pass HBASE_MASTER_OPTS to the HBCK command and to zkcli so that
the jaas setting for master is used.
> HBCK and Replication should authenticate to zookepeer using server principal
> ----------------------------------------------------------------------------
>
> Key: HBASE-15145
> URL: https://issues.apache.org/jira/browse/HBASE-15145
> Project: HBase
> Issue Type: Bug
> Reporter: Enis Soztutar
> Assignee: Enis Soztutar
> Fix For: 2.0.0, 1.2.0, 1.3.0, 1.1.4
>
>
> In secure clusters, we protect znodes with the server principal in zk.
> However, if a user wants to add a replication peer or run HBCK, then she will
> get Auth exception. This was not a problem due to an earlier bug.
> For replication, the long term fix is HBASE-11392. However, we should still
> have a way to launch zkcli with the server principals for manual inspection /
> manipulation.
> HBCK should always assume the server principals.
> Thanks [~Koelli] for reporting this.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
