[
https://issues.apache.org/jira/browse/HBASE-15200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15127008#comment-15127008
]
Andrew Purtell commented on HBASE-15200:
----------------------------------------
It also occurs to me the system properties we define to ask zookeeper to ignore
the host component etc may not be properly set up in the test environment. We
should probably handle this in any case. I'm on the phone right now and tried
to find those defines in the online book, an impossible task, sorry.
> ZooKeeper znode ACL checks should only compare the shortname
> ------------------------------------------------------------
>
> Key: HBASE-15200
> URL: https://issues.apache.org/jira/browse/HBASE-15200
> Project: HBase
> Issue Type: Bug
> Affects Versions: 2.0.0, 1.2.0, 1.0.3, 1.1.3, 0.98.17
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
> Priority: Minor
> Fix For: 2.0.0, 1.3.0, 1.1.4, 0.98.18
>
> Attachments: HBASE-15200.patch
>
>
> After HBASE-13768 we check at startup in secure configurations if our znodes
> have the correct ACLs. However when checking the ACL we compare the Kerberos
> fullname, which includes the host component. We should only compare the
> shortname, the principal. Otherwise in a multimaster configuration we will
> unnecessarily reset ACLs whenever any master running on a host other than the
> one that initialized the ACLs makes the check. You can imagine this happening
> multiple times in a rolling restart scenario.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
