[jira] [Commented] (HBASE-25051) DIGEST based auth broken for rpc based ConnectionRegistry

Tue, 06 Feb 2024 12:20:35 -0800 


    [ 
https://issues.apache.org/jira/browse/HBASE-25051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17815001#comment-17815001
 ] 

Hudson commented on HBASE-25051:
--------------------------------

Results for branch master
        [build #1005 on 
builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1005/]: 
(/) *{color:green}+1 overall{color}*
----
details (if available):

(/) {color:green}+1 general checks{color}
-- For more information [see general 
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1005/General_20Nightly_20Build_20Report/]




(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3) 
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1005/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]


(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11 
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/1005/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]


(/) {color:green}+1 source release artifact{color}
-- See build output for details.


(/) {color:green}+1 client integration test{color}


> DIGEST based auth broken for rpc based ConnectionRegistry
> ---------------------------------------------------------
>
>                 Key: HBASE-25051
>                 URL: https://issues.apache.org/jira/browse/HBASE-25051
>             Project: HBase
>          Issue Type: Sub-task
>          Components: Client, security
>    Affects Versions: 3.0.0-alpha-1, 2.3.0, 1.7.0
>            Reporter: Bharath Vissapragada
>            Assignee: Duo Zhang
>            Priority: Minor
>              Labels: pull-request-available
>
> DIGEST-MD5 based sasl auth depends on cluster-ID to obtain tokens. With 
> master registry, we have a circular dependency here because master registry 
> needs an rpcClient to talk to masters (and to get cluster ID) and rpc-Client 
> needs a clusterId if DIGEST based auth is configured. Earlier, there was a ZK 
> client that has its own authentication mechanism to fetch the cluster ID.
> HBASE-23330, I think doesn't fully fix the problem. It depends on an active 
> connection to fetch delegation tokens for the MR job and that inherently 
> assumes that the active connection does not use a DIGEST auth.
> It is not clear to me how common it is to use DIGEST based auth in 
> connections.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to