I think that's good!
On Tue, Jan 23, 2024 at 10:51 PM 张铎(Duo Zhang)
wrote:
> Thanks for the suggestion.
>
> We can do this check, in HBase we only have two roles to connect,
> either master or region server, the only problem here is that we do
> not know whether it is a master or region server,
Thanks for the suggestion.
We can do this check, in HBase we only have two roles to connect,
either master or region server, the only problem here is that we do
not know whether it is a master or region server, so after getting the
server principal, we could check whether it matches the master
Hi folks,
I have experience enabling secure mode (Kerberos) for the HDFS layer on all
of Hubspot's HBase clusters. The pattern in the Hadoop project is for
clients to know what principal, or principal pattern, to expect a server to
present. For example, see
Thanks Bryan.
If no other concerns, let me at least re-implement the PR for
HBASE-25051 based on the approach proposed here.
Bryan Beaudreault 于2024年1月23日周二 21:40写道:
>
> Thanks for pulling this together Duo. I'll take a closer look at this after
> I finish up the 2.6.0 release.
>
> To me the
Thanks for pulling this together Duo. I'll take a closer look at this after
I finish up the 2.6.0 release.
To me the only possibly controversial part is:
> For HBASE-28321, it should be part of our rpc negotiation, where the
server should return its server principal to the client, to let the
RpcConnectionRegistry was introduced in 2.5.0, and since it reduces
the load of zookeeper, I believe it has already been used by lots of
users.
We have already known that it can not work well with token(digest)
based authentication, and have already filed HBASE-25051 for it. and
recently, when