[ https://issues.apache.org/jira/browse/ZOOKEEPER-3156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16629283#comment-16629283 ]
Andor Molnar commented on ZOOKEEPER-3156: ----------------------------------------- I like the idea of having a configuration switch for that, because I'm not entirely sure what would be the right behaviour. [~revans2] Do you have a patch already? > ZOOKEEPER-2184 causes kerberos principal to not have resolved host name > ----------------------------------------------------------------------- > > Key: ZOOKEEPER-3156 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3156 > Project: ZooKeeper > Issue Type: Bug > Components: java client > Affects Versions: 3.6.0, 3.4.13, 3.5.5 > Reporter: Robert Joseph Evans > Assignee: Robert Joseph Evans > Priority: Blocker > > Prior to ZOOKEEPER-2184 the zookeeper client would canonicalize a configured > host name before creating the SASL client which is used to create the > principal name. After ZOOKEEPER-2184 that canonicalization does not happen > so the principal that the ZK client tries to use when it is configured to > talk to a CName is different between 3.4.13 and all previous versions of ZK. > > For example > > zk1.mycluster.mycompany.com maps to real-node.mycompany.com. > > 3.4.13 will want the server to have > [zookeeper/zk1.mycluster....@kdc.mycompany.com|mailto:zookeeper/zk1.mycluster....@kdc.mycompany.com] > 3.4.12 wants the server to have > [zookeeper/real-node.mycompany....@kdc.mycompany.com|mailto:zookeeper/real-node.mycompany....@kdc.mycompany.com] > > This makes 3.4.13 incompatible with many ZK setups currently in existence. > It would be nice to have that resolution be optional because in some cases it > might be nice to have a single principal tied to the cname. -- This message was sent by Atlassian JIRA (v7.6.3#76005)