[ https://issues.apache.org/jira/browse/HBASE-27204 ]
Andrew Kyle Purtell deleted comment on HBASE-27204:
---------------------------------------------
was (Author: apurtell):
Will try to avoid a revert if we can.
Let me see about sending something back even when replyToken is null. Something
that an older client would handle without an issue. Back soon.
> BlockingRpcClient will hang for 20 seconds when SASL is enabled after
> finishing negotiation
> -------------------------------------------------------------------------------------------
>
> Key: HBASE-27204
> URL: https://issues.apache.org/jira/browse/HBASE-27204
> Project: HBase
> Issue Type: Bug
> Components: rpc, sasl, security
> Reporter: Duo Zhang
> Assignee: Andrew Kyle Purtell
> Priority: Critical
> Fix For: 2.5.0, 3.0.0-alpha-4, 2.4.14
>
>
> Found this when implementing HBASE-27185. When running TestSecureIPC, if
> BlockingRpcClient is used, the tests will spend much more time comparing to
> NettyRpcClient.
> The problem is that, for the normal kerberos authentication, the last step is
> client send a reply to server, so after server receives the last token, it
> will not write anything back but expect client to send connection header.
> In HBASE-24579, for reading the error message, we added a readReply after the
> SaslClient indicates that the negotiation is completed. But as said above,
> for normal cases, we will not write anything back from server side, so the
> client will hang there and only throw an exception when timeout is reached,
> which is 20 seconds.
> This nearly makes the BlockingRpcClient unusable when sasl is enabled, as it
> will hang 20 seconds when connecting...
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
