(incubator-pegasus) branch master updated: feat: configure zookeeper c client for Kerberos authentication when KDC is configured with "rdns = false" (#1864)

Mon, 22 Jan 2024 20:47:29 -0800 

This is an automated email from the ASF dual-hosted git repository.

wangdan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-pegasus.git


The following commit(s) were added to refs/heads/master by this push:
     new 966c5b831 feat: configure zookeeper c client for Kerberos 
authentication when KDC is configured with "rdns = false" (#1864)
966c5b831 is described below

commit 966c5b831d0a6b9742aea60786c46123f4a053bd
Author: Guohao Li <[email protected]>
AuthorDate: Tue Jan 23 12:47:19 2024 +0800

    feat: configure zookeeper c client for Kerberos authentication when KDC is 
configured with "rdns = false" (#1864)
    
    https://github.com/apache/incubator-pegasus/issues/1863
---
 src/zookeeper/zookeeper_session.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/zookeeper/zookeeper_session.cpp 
b/src/zookeeper/zookeeper_session.cpp
index 9a467b64c..c2c868cd7 100644
--- a/src/zookeeper/zookeeper_session.cpp
+++ b/src/zookeeper/zookeeper_session.cpp
@@ -30,6 +30,7 @@
 #include <utility>
 
 #include "runtime/app_model.h"
+#include "runtime/rpc/rpc_address.h"
 #include "utils/flags.h"
 #include "utils/fmt_logging.h"
 #include "zookeeper/proto.h"
@@ -43,6 +44,10 @@ DSN_DEFINE_string(security,
                   zookeeper_kerberos_service_name,
                   "zookeeper",
                   "zookeeper kerberos service name");
+DSN_DEFINE_string(security,
+                  zookeeper_sasl_service_fqdn,
+                  "",
+                  "The FQDN of a Zookeeper server, used in Kerberos 
Principal");
 } // namespace security
 } // namespace dsn
 
@@ -161,6 +166,11 @@ int zookeeper_session::attach(void *callback_owner, const 
state_callback &cb)
             zoo_sasl_params_t sasl_params = {0};
             sasl_params.service = 
dsn::security::FLAGS_zookeeper_kerberos_service_name;
             sasl_params.mechlist = "GSSAPI";
+            rpc_address addr;
+            
CHECK(addr.from_string_ipv4(dsn::security::FLAGS_zookeeper_sasl_service_fqdn),
+                  "zookeeper_sasl_service_fqdn {} is invalid",
+                  dsn::security::FLAGS_zookeeper_sasl_service_fqdn);
+            sasl_params.host = 
dsn::security::FLAGS_zookeeper_sasl_service_fqdn;
             _handle = zookeeper_init_sasl(FLAGS_hosts_list,
                                           global_watcher,
                                           FLAGS_timeout_ms,


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to