[
https://issues.apache.org/jira/browse/HBASE-15200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15133762#comment-15133762
]
Hudson commented on HBASE-15200:
--------------------------------
FAILURE: Integrated in HBase-1.3 #536 (See
[https://builds.apache.org/job/HBase-1.3/536/])
Amend HBASE-15200 ZooKeeper znode ACL checks should only compare the (apurtell:
rev 1b420be56a530e5b07ed8f478d5aa4916abeb438)
*
hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java
> ZooKeeper znode ACL checks should only compare the shortname
> ------------------------------------------------------------
>
> Key: HBASE-15200
> URL: https://issues.apache.org/jira/browse/HBASE-15200
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 2.0.0, 1.2.0, 1.0.3, 1.1.3, 0.98.17
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
> Priority: Minor
> Fix For: 2.0.0, 1.3.0, 1.2.1, 1.1.4, 1.0.4, 0.98.18
>
> Attachments: HBASE-15200-branch-1.0.patch,
> HBASE-15200-branch-1.1.patch, HBASE-15200.patch, HBASE-15200.patch
>
>
> After HBASE-13768 we check at startup in secure configurations if our znodes
> have the correct ACLs. However when checking the ACL we compare the Kerberos
> fullname, which includes the host component. We should only compare the
> shortname, the principal. Otherwise in a multimaster configuration we will
> unnecessarily reset ACLs whenever any master running on a host other than the
> one that initialized the ACLs makes the check. You can imagine this happening
> multiple times in a rolling restart scenario.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
