[
https://issues.apache.org/jira/browse/HBASE-15145?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Enis Soztutar updated HBASE-15145:
----------------------------------
Release Note:
Added a new command line argument: --auth-as-server to enable authenticating to
ZooKeeper as the HBase Server principal. This is required for secure clusters
for doing replication operations like add_peer, list_peers, etc until
HBASE-11392 is fixed. This advanced option can also be used for manually fixing
secure znodes.
Commands can now be invoked like:
hbase --auth-as-server shell
hbase --auth-as-server zkcli
HBCK in secure setup also needs to authenticate to ZK using servers
principals.This is turned on by default (no need to pass additional argument).
When authenticating as server, HBASE_SERVER_JAAS_OPTS is concatenated to
HBASE_OPTS if defined in hbase-env.sh. Otherwise, HBASE_REGIONSERVER_OPTS is
concatenated.
> HBCK and Replication should authenticate to zookepeer using server principal
> ----------------------------------------------------------------------------
>
> Key: HBASE-15145
> URL: https://issues.apache.org/jira/browse/HBASE-15145
> Project: HBase
> Issue Type: Bug
> Reporter: Enis Soztutar
> Assignee: Enis Soztutar
> Fix For: 2.0.0, 1.2.0, 1.3.0, 1.1.4
>
> Attachments: hbase-15145_v1.patch, hbase-15145_v2.patch
>
>
> In secure clusters, we protect znodes with the server principal in zk.
> However, if a user wants to add a replication peer or run HBCK, then she will
> get Auth exception. This was not a problem due to an earlier bug.
> For replication, the long term fix is HBASE-11392. However, we should still
> have a way to launch zkcli with the server principals for manual inspection /
> manipulation.
> HBCK should always assume the server principals.
> Thanks [~Koelli] for reporting this.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
