[KUDU-2267] Client may see negotiation failure when talks to master followers with only self signed cert - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.6.0
Fix Version/s: 1.7.0
Component/s: client
Labels:
None

Target Version/s:

1.7.0

Description

Currently, if a master has never been a leader from the very start of the cluster, it has just self-signed cert. And if a client does not have valid Kerberos credential but only authenticated token, then the client may see org.apache.kudu.client.NonRecoverableException: Server requires Kerberos, but this client is not authenticated error when trying to connect to master followers. Since in that case SASL authentication type is chosen instead of token for authentication.

It is safe to ignore this error, as long as client is able to connect to master leader. However, for a long term fix, masters should probably attempt to get a signed cert from the leader.

Attachments

Issue Links

is related to

KUDU-2262 Java client does not retry if no master is a leader

Resolved

relates to

KUDU-2265 A non-leader master uses self-signed server TLS cert if it hasn't ever run as a leader

Resolved

Activity

People

Assignee:: Hao Hao

Reporter:: Hao Hao

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Jan/18 23:29

Updated:: 15/Mar/18 16:48

Resolved:: 26/Jan/18 01:29