Yes, it probably could be considered a bug. As we were adding authentication and authorization to the project, we did so for Thrift servers via these plugins. Our team was soon after required to use Kerberos/SASL because of production environment and security constraints. So we moved on using the Kerberos plugin exclusively.
I imagine—but I do not specifically recall—that Andy did test successfully at the time using a non-production environment—possibly even with the client and server both on the same 'localhost'. The intention with these plugins was always that they could be configured in a production environment, and so it seems to me that this value could be made configurable rather than hard-coded. -- Derek On Tue, Jun 30, 2020 at 04:56:22PM -0500, Ethan Li wrote: > > This looks like a bug. But I have never used this plugin so I am not sure at > this moment. Do you have a stack trace that I can take a look? > > > On Jun 26, 2020, at 7:06 AM, Liang Zhao <alpha....@gmail.com> wrote: > > > > Hi, > > > > Due to not being able to use Kerberos, we are exploring > > the DigestSaslTransportPlugin/PlainSaslTransportPlugin as an alternative. > > However, when we try to set up a storm cluster with > > DigestSaslTransportPlugin on kubernetes, we came across errors that > > SaslException, that digest response format violation, Mismatched URI, > > storm_thrift_server/nimbus; expecting storm_thrift_server/localhost. > > > > A close look at the code indicates there is a hardcode "localhost" in the > > plugin, and this code has been there for many years. > > > > https://github.com/apache/storm/blob/master/storm-client/src/jvm/org/apache/storm/security/auth/digest/DigestSaslTransportPlugin.java#L53 > > > > I'm a bit puzzled as if this is intentional and can be walked around in > > configuration or it's a bug that should be fixed? > > > > Thanks, > > Liang >
