[ https://issues.apache.org/jira/browse/HBASE-6314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13405927#comment-13405927 ]
Himanshu Vashishtha commented on HBASE-6314:
--------------------------------------------
Looking at the code: in SecureClient#handleSaslConnectionFailure, there is
retry logic for Kerberos-specific failures, in which case it retries the login
from the keytab or credential cache. In the case of unauthenticated users,
shouldAuthenticateOverKrb returns false and it throws an IOException.
Throwing a DoNotRetryIOException at this point instead, and then
checking and rethrowing it in the call stack above (in HCM's getMaster, and
checking it in the HBaseAdmin constructor), will make it fail fast. I can attach
a patch if this approach sounds reasonable.
{code}
// Rethrow a RemoteException as-is
if (ex instanceof RemoteException) {
  throw (RemoteException) ex;
}
// Wrap anything else so that callers do not retry
throw new DoNotRetryIOException(ex);
{code}
> In secure hbase, we should have a fail fast behavior for unauthenticated user
> -----------------------------------------------------------------------------
>
> Key: HBASE-6314
> URL: https://issues.apache.org/jira/browse/HBASE-6314
> Project: HBase
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.92.0, 0.94.0
> Reporter: Himanshu Vashishtha
> Priority: Minor
>
> In the case of unauthenticated users in secure HBase, the hbase shell does a
> connection retry at two levels:
> a) HConnection: it retries hbase.client.retries.number times
> b) HTableAdmin: it again retries hbase.client.retries.number times
> So the hbase shell retries the square of the configured number of times. We
> can make it fail fast (no retries) in case the user is not authenticated (no
> valid Kerberos credentials).
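The two retry levels from the issue description and the fail-fast proposal from the comment, as an added stand-alone sketch (not HBase code and not part of the original message). The class FailFastRetryDemo, its methods, the local DoNotRetryIOException stand-in and the retry count of 10 are assumptions made for illustration; real client code also sleeps between retries, which is not modelled here.

```java
import java.io.IOException;

public class FailFastRetryDemo {
    // Local stand-in for HBase's DoNotRetryIOException so the sketch compiles alone.
    static class DoNotRetryIOException extends IOException {
        DoNotRetryIOException(String msg) { super(msg); }
    }

    static final int RETRIES = 10;   // constructed value for hbase.client.retries.number
    static int saslAttempts;         // how many times the connection setup was tried

    // Hypothetical connection setup: always fails, as for a user with no Kerberos credentials.
    static void connect(boolean failFast) throws IOException {
        saslAttempts++;
        if (failFast) {
            throw new DoNotRetryIOException("no valid Kerberos credentials");
        }
        throw new IOException("no valid Kerberos credentials");
    }

    // Inner level (connection): retries a plain IOException, rethrows the non-retryable one.
    static void getMaster(boolean failFast) throws IOException {
        IOException last = null;
        for (int i = 0; i < RETRIES; i++) {
            try {
                connect(failFast);
                return;
            } catch (DoNotRetryIOException e) {
                throw e;             // fail fast: leave the inner loop immediately
            } catch (IOException e) {
                last = e;            // retryable: try again
            }
        }
        throw last;
    }

    // Outer level (admin): applies the same policy on top of the inner loop.
    static int adminConnect(boolean failFast) {
        saslAttempts = 0;
        for (int i = 0; i < RETRIES; i++) {
            try {
                getMaster(failFast);
                break;
            } catch (DoNotRetryIOException e) {
                break;               // fail fast: leave the outer loop as well
            } catch (IOException e) {
                // retryable: the outer loop runs the whole inner loop again
            }
        }
        return saslAttempts;
    }

    public static void main(String[] args) {
        System.out.println("plain IOException:     " + adminConnect(false) + " attempts");
        System.out.println("DoNotRetryIOException: " + adminConnect(true) + " attempts");
    }
}
```

The attempt count matters beyond shell latency: each attempt is a failed authentication that the server has to handle and log, so the squared retry count turns one credential-less invocation into a burst of failures.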