Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2267

Client may see negotiation failure when talks to master followers with only self signed cert

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.0
    • Fix Version/s: 1.7.0
    • Component/s: client
    • Labels:
      None
    • Target Version/s:

      Description

      Currently, if a master has never been a leader from the very start of the cluster, it has just self-signed cert. And if a client does not have valid Kerberos credential but only authenticated token, then the client may see org.apache.kudu.client.NonRecoverableException: Server requires Kerberos, but this client is not authenticated error when trying to connect to master followers. Since in that case SASL authentication type is chosen instead of token for authentication.

      It is safe to ignore this error, as long as client is able to connect to master leader. However, for a long term fix, masters should probably attempt to get a signed cert from the leader.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                hahao Hao Hao
                Reporter:
                hahao Hao Hao
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: