Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-26149 Further improvements on ConnectionRegistry implementations
  3. HBASE-25051

DIGEST based auth broken for rpc based ConnectionRegistry

    XMLWordPrintableJSON

Details

    • Reviewed
    • We implement a new way to get information from a server through different rpc preamble headers, and use it to get the cluster id before actually setting up the secure rpc client.

    Description

      DIGEST-MD5 based sasl auth depends on cluster-ID to obtain tokens. With master registry, we have a circular dependency here because master registry needs an rpcClient to talk to masters (and to get cluster ID) and rpc-Client needs a clusterId if DIGEST based auth is configured. Earlier, there was a ZK client that has its own authentication mechanism to fetch the cluster ID.

      HBASE-23330, I think doesn't fully fix the problem. It depends on an active connection to fetch delegation tokens for the MR job and that inherently assumes that the active connection does not use a DIGEST auth.

      It is not clear to me how common it is to use DIGEST based auth in connections.

      Attachments

        Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. HBASE-28312 The bad auth exception can not be passed to client rpc calls properly

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link Design Doc

          Web Link GitHub Pull Request #5631

          Web Link GitHub Pull Request #5632

          Web Link GitHub Pull Request #5664

          Activity

            People

              zhangduo Duo Zhang
              bharathv Bharath Vissapragada
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: