Especially the security folks (Andy, Gary).
https://issues.apache.org/jira/browse/HBASE-7829

This is a followup to a change introduced in 0.94.4. If this breaks secure operation I would sink the RC (sigh).

-- Lars

I produced diff of
src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java between HBASE-4791
(in 0.94.4) to the tip of 0.94

The code corrected by HBASE-7829 wasn't a regression since 0.94.4

FYI

On Mon, Feb 11, 2013 at 9:52 PM, lars hofhansl <[EMAIL PROTECTED]> wrote:

> Especially the security folks (Andy, Gary).
>
>
> https://issues.apache.org/jira/browse/HBASE-7829
>
> This is a followup to a change introduced in 0.94.4. If this breaks secure
> operation I would sink the RC (sigh).
>
> -- Lars
>
>

I find this in that HBASE-4791 change:
+    // If keyTab is not specified use the Ticket Cache.
+    // and set the zookeeper login context name.
+    JaasConfiguration jaasConf = new JaasConfiguration(loginContextName,
+      keytabFilename, principalName);
+    javax.security.auth.login.Configuration.setConfiguration(jaasConf);
This was introduced with 0.94.4. It's not a regression since then, but still a bug introduced by the last stable point release.
If it's not serious I won't sink the RC. But if it is, we should fix it.

-- Lars
----- Original Message -----
From: Ted Yu <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]; lars hofhansl <[EMAIL PROTECTED]>
Cc:
Sent: Monday, February 11, 2013 10:05 PM
Subject: Re: Please have a look at HBASE-7829

I produced diff of
src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java between HBASE-4791
(in 0.94.4) to the tip of 0.94

The code corrected by HBASE-7829 wasn't a regression since 0.94.4

FYI

On Mon, Feb 11, 2013 at 9:52 PM, lars hofhansl <[EMAIL PROTECTED]> wrote:

> Especially the security folks (Andy, Gary).
>
>
> https://issues.apache.org/jira/browse/HBASE-7829
>
> This is a followup to a change introduced in 0.94.4. If this breaks secure
> operation I would sink the RC (sigh).
>
> -- Lars
>
>

As mentioned in a comment on HBASE-7829 jira, the old way of
specifying jaas conf still works. That makes it less serious of a
problem. So +1 from me on this release still, but I guess we should
document it in a release note or something.
On Mon, Feb 11, 2013 at 10:19 PM, lars hofhansl <[EMAIL PROTECTED]> wrote:
> I find this in that HBASE-4791 change:
> +    // If keyTab is not specified use the Ticket Cache.
> +    // and set the zookeeper login context name.
> +    JaasConfiguration jaasConf = new JaasConfiguration(loginContextName,
> +      keytabFilename, principalName);
> +    javax.security.auth.login.Configuration.setConfiguration(jaasConf);
>
>
> This was introduced with 0.94.4. It's not a regression since then, but still a bug introduced by the last stable point release.
> If it's not serious I won't sink the RC. But if it is, we should fix it.
>
> -- Lars
>
>
> ----- Original Message -----
> From: Ted Yu <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]; lars hofhansl <[EMAIL PROTECTED]>
> Cc:
> Sent: Monday, February 11, 2013 10:05 PM
> Subject: Re: Please have a look at HBASE-7829
>
> I produced diff of
> src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java between HBASE-4791
> (in 0.94.4) to the tip of 0.94
>
> The code corrected by HBASE-7829 wasn't a regression since 0.94.4
>
> FYI
>
> On Mon, Feb 11, 2013 at 9:52 PM, lars hofhansl <[EMAIL PROTECTED]> wrote:
>
>> Especially the security folks (Andy, Gary).
>>
>>
>> https://issues.apache.org/jira/browse/HBASE-7829
>>
>> This is a followup to a change introduced in 0.94.4. If this breaks secure
>> operation I would sink the RC (sigh).
>>
>> -- Lars
>>
>>
>

Thanks for looking Devaraj and Ted. Francis commented on the issue as well.
We'll fix this for 0.94.6.
-- Lars

----- Original Message -----
From: Devaraj Das <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>; lars hofhansl <[EMAIL PROTECTED]>
Cc:
Sent: Monday, February 11, 2013 11:15 PM
Subject: Re: Please have a look at HBASE-7829

As mentioned in a comment on HBASE-7829 jira, the old way of
specifying jaas conf still works. That makes it less serious of a
problem. So +1 from me on this release still, but I guess we should
document it in a release note or something.
On Mon, Feb 11, 2013 at 10:19 PM, lars hofhansl <[EMAIL PROTECTED]> wrote:
> I find this in that HBASE-4791 change:
> +    // If keyTab is not specified use the Ticket Cache.
> +    // and set the zookeeper login context name.
> +    JaasConfiguration jaasConf = new JaasConfiguration(loginContextName,
> +      keytabFilename, principalName);
> +    javax.security.auth.login.Configuration.setConfiguration(jaasConf);
>
>
> This was introduced with 0.94.4. It's not a regression since then, but still a bug introduced by the last stable point release.
> If it's not serious I won't sink the RC. But if it is, we should fix it.
>
> -- Lars
>
>
> ----- Original Message -----
> From: Ted Yu <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]; lars hofhansl <[EMAIL PROTECTED]>
> Cc:
> Sent: Monday, February 11, 2013 10:05 PM
> Subject: Re: Please have a look at HBASE-7829
>
> I produced diff of
> src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java between HBASE-4791
> (in 0.94.4) to the tip of 0.94
>
> The code corrected by HBASE-7829 wasn't a regression since 0.94.4
>
> FYI
>
> On Mon, Feb 11, 2013 at 9:52 PM, lars hofhansl <[EMAIL PROTECTED]> wrote:
>
>> Especially the security folks (Andy, Gary).
>>
>>
>> https://issues.apache.org/jira/browse/HBASE-7829
>>
>> This is a followup to a change introduced in 0.94.4. If this breaks secure
>> operation I would sink the RC (sigh).
>>
>> -- Lars
>>
>>
>