[ https://issues.apache.org/jira/browse/PHOENIX-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15451068#comment-15451068 ]
ASF GitHub Bot commented on PHOENIX-3189: ----------------------------------------- Github user joshelser commented on the issue: https://github.com/apache/phoenix/pull/191 > Did you get to look at the comment regarding the user login ? Assuming you mean the below.. > With that said I am not sure that you can support multiple users and support renewals with the way the UGI works. > If in the same JVM a driver is instantiated for User A and then another driver is instantiated for User B the last call to loginUserFromKeytab will set the the user information in the UGI. Yes, the best way to approach this is that Phoenix's automatic Kerberos login should _only_ be used when there a single user accessing Phoenix at one time. I was thinking that Phoenix could likely use its own docs page on the interactions with Kerberos. That would be a good place to warn people and instruct them how they need to properly support multiple concurrent users on their own. > Can you allow another to login with a different principal? Would that cause a security issue? If we create one driver(One) with user A and then create another driver(Two) with user B the info in the UGI now is that of user B. So there can be a situation where driver One will be using credentials of user B. My thinking is this (but I should probably test it): says userA uses phoenix, then userB starts using Phoenix. This implies that userA would be logged out and I would hope that subsequent interactions with Phoenix by the "human" userA would fail because its credentials are no longer there (the RPCs themselves would fail). In other words, my thinking is that the RPC authentication would protect us in Phoenix from this being an issue. > HBase/ZooKeeper connection leaks when providing principal/keytab in JDBC url > ---------------------------------------------------------------------------- > > Key: PHOENIX-3189 > URL: https://issues.apache.org/jira/browse/PHOENIX-3189 > Project: Phoenix > Issue Type: Bug > Affects Versions: 4.8.0 > Reporter: Josh Elser > Assignee: Josh Elser > Priority: Blocker > Fix For: 4.9.0, 4.8.1 > > > We've been doing some more testing after PHOENIX-3126 and, with the help of > [~arpitgupta] and [~harsha_ch], we've found an issue in a test between Storm > and Phoenix. > Storm was configured to create a JDBC Bolt, specifying the principal and > keytab in the JDBC URL, relying on PhoenixDriver to do the Kerberos login for > them. After PHOENIX-3126, a ZK server blacklisted the host running the bolt, > and we observed that there were over 140 active ZK threads in the JVM. > This results in a subtle change where every time the client tries to get a > new Connection, we end up getting a new UGI instance (because the > {{ConnectionQueryServicesImpl#openConnection()}} always does a new login). > If users are correctly caching Connections, there isn't an issue (best as I > can presently tell). However, if users rely on the getting the same > connection every time (the pre-PHOENIX-3126), they will saturate their local > JVM with connections and crash. -- This message was sent by Atlassian JIRA (v6.3.4#6332)