(incubator-pegasus) branch v2.5 updated: feat: configure zookeeper c client for Kerberos authentication when KDC is configured with "rdns = false" (#1864) (#1867)

gehafearless Tue, 23 Jan 2024 00:19:05 -0800

This is an automated email from the ASF dual-hosted git repository.

gehafearless pushed a commit to branch v2.5
in repository https://gitbox.apache.org/repos/asf/incubator-pegasus.git



The following commit(s) were added to refs/heads/v2.5 by this push:
     new 94b21f917 feat: configure zookeeper c client for Kerberos 
authentication when KDC is configured with "rdns = false" (#1864) (#1867)
94b21f917 is described below

commit 94b21f917dec0bdee9af3ee988f6b07bfeb7166d
Author: Guohao Li <[email protected]>
AuthorDate: Tue Jan 23 16:18:55 2024 +0800

    feat: configure zookeeper c client for Kerberos authentication when KDC is 
configured with "rdns = false" (#1864) (#1867)
    
    issue: https://github.com/apache/incubator-pegasus/issues/1863
---
 src/zookeeper/zookeeper_session.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/zookeeper/zookeeper_session.cpp 
b/src/zookeeper/zookeeper_session.cpp
index bfa7bed7a..690e378ad 100644
--- a/src/zookeeper/zookeeper_session.cpp
+++ b/src/zookeeper/zookeeper_session.cpp
@@ -38,6 +38,7 @@
 #include <utility>
 
 #include "runtime/app_model.h"
+#include "runtime/rpc/rpc_address.h"
 #include "utils/flags.h"
 #include "utils/fmt_logging.h"
 #include "zookeeper/proto.h"
@@ -51,6 +52,10 @@ DSN_DEFINE_string(security,
                   zookeeper_kerberos_service_name,
                   "zookeeper",
                   "zookeeper kerberos service name");
+DSN_DEFINE_string(security,
+                  zookeeper_sasl_service_fqdn,
+                  "",
+                  "The FQDN of a Zookeeper server, used in Kerberos 
Principal");
 } // namespace security
 } // namespace dsn
 
@@ -169,6 +174,11 @@ int zookeeper_session::attach(void *callback_owner, const 
state_callback &cb)
             zoo_sasl_params_t sasl_params = {0};
             sasl_params.service = 
dsn::security::FLAGS_zookeeper_kerberos_service_name;
             sasl_params.mechlist = "GSSAPI";
+            rpc_address addr;
+            
CHECK(addr.from_string_ipv4(dsn::security::FLAGS_zookeeper_sasl_service_fqdn),
+                  "zookeeper_sasl_service_fqdn {} is invalid",
+                  dsn::security::FLAGS_zookeeper_sasl_service_fqdn);
+            sasl_params.host = 
dsn::security::FLAGS_zookeeper_sasl_service_fqdn;
             _handle = zookeeper_init_sasl(FLAGS_hosts_list,
                                           global_watcher,
                                           FLAGS_timeout_ms,


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

(incubator-pegasus) branch v2.5 updated: feat: configure zookeeper c client for Kerberos authentication when KDC is configured with "rdns = false" (#1864) (#1867)

Reply via email to