Wang, Xinglong created HBASE-23319:
--------------------------------------
Summary: ZKUtil.isSecureZooKeeper does not consider JAAS
configuration set programmatically
Key: HBASE-23319
URL: https://issues.apache.org/jira/browse/HBASE-23319
Project: HBase
Issue Type: Bug
Reporter: Wang, Xinglong
Assignee: Wang, Xinglong
There are 2 ways to specify JAAS for zk:
The 1st approach is to specify it in hbase-env.sh via
-Djava.security.auth.login.config=zk_client_jaas.conf
The 2nd approach was introduced by
https://issues.apache.org/jira/browse/HBASE-4791
However, during my test, if I remove the jaas-related configuration from
hbase-env.sh and add the following entries required by HBASE-4791, the regionserver
cannot authenticate with zk successfully:
{code:java}
hbase.zookeeper.client.keytab.file
hbase.zookeeper.client.kerberos.principal
{code}
I checked the code; it failed on this line:
https://github.com/apache/hbase/blob/master/hbase-zookeeper/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java#L871
And this will cause the jaas login process to break on
https://github.com/apache/hbase/blob/master/hbase-zookeeper/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java#L208
As a result, the regionserver will not try to log in from the keytab in such a case.
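The following stand-alone sketch is an added example, not part of the report and not HBase's code. It shows a secure-ZooKeeper check that accepts either of the two JAAS sources named in the report. The class and method names are hypothetical, a plain `Map` stands in for the HBase configuration object, `Client` is ZooKeeper's default client JAAS section name, and the keytab path and principal are constructed sample values.

```java
import java.util.Map;
import javax.security.auth.login.Configuration;

// Hypothetical illustration class; not ZKUtil and not the project's fix.
public class ZkJaasDetection {
    // Property names taken from the report (introduced by HBASE-4791).
    static final String KEYTAB = "hbase.zookeeper.client.keytab.file";
    static final String PRINCIPAL = "hbase.zookeeper.client.kerberos.principal";

    /** Source 1: a JAAS file passed via -Djava.security.auth.login.config. */
    static boolean jaasFileHasClientSection() {
        try {
            // "Client" is the section the ZooKeeper client reads by default.
            return Configuration.getConfiguration()
                                .getAppConfigurationEntry("Client") != null;
        } catch (SecurityException e) {
            // The JDK's default provider throws when no login configuration
            // can be located. Treating that as the final answer is what makes
            // a file-only check miss a keytab configured through properties.
            return false;
        }
    }

    /** Source 2: keytab and principal supplied through configuration keys. */
    static boolean keytabLoginConfigured(Map<String, String> conf) {
        return notBlank(conf.get(KEYTAB)) && notBlank(conf.get(PRINCIPAL));
    }

    /** Secure if either source is present, so the keytab login still runs. */
    static boolean isSecureZk(Map<String, String> conf) {
        return jaasFileHasClientSection() || keytabLoginConfigured(conf);
    }

    private static boolean notBlank(String s) {
        return s != null && !s.trim().isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample values, for illustration only.
        Map<String, String> conf = Map.of(
            KEYTAB, "/etc/security/keytabs/hbase.service.keytab",
            PRINCIPAL, "hbase/_HOST@EXAMPLE.COM");
        System.out.println("file-only check: " + jaasFileHasClientSection());
        System.out.println("combined check:  " + isSecureZk(conf));
    }
}
```

Running it with and without `-Djava.security.auth.login.config` set shows how the two checks diverge when only the keytab properties are present.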