[
https://issues.apache.org/jira/browse/KUDU-2267?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16340406#comment-16340406
]
Hao Hao commented on KUDU-2267:
-------------------------------
Fixed in 8138602ea and c497c69bb.
> Client may see negotiation failure when talks to master followers with only
> self signed cert
> ---------------------------------------------------------------------------------------------
>
> Key: KUDU-2267
> URL: https://issues.apache.org/jira/browse/KUDU-2267
> Project: Kudu
> Issue Type: Improvement
> Components: client
> Affects Versions: 1.6.0
> Reporter: Hao Hao
> Priority: Major
>
> Currently, if a master has never been a leader from the very start of the
> cluster, it has just self-signed cert. And if a client does not have valid
> Kerberos credential but only authenticated token, then the client may see
> {{org.apache.kudu.client.NonRecoverableException: Server requires Kerberos,
> but this client is not authenticated}} error when trying to connect to master
> followers. Since in that case SASL authentication type is chosen instead of
> token for authentication.
> It is safe to ignore this error, as long as client is able to connect to
> master leader. However, for a long term fix, masters should probably attempt
> to get a signed cert from the leader.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
