[jira] [Commented] (ZOOKEEPER-3156) ZOOKEEPER-2184 causes kerberos principal to not have resolved host name

Mon, 05 Nov 2018 14:20:57 -0800 


    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-3156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16675821#comment-16675821
 ] 

Hudson commented on ZOOKEEPER-3156:
-----------------------------------

FAILURE: Integrated in Jenkins build Zookeeper-trunk-single-thread #94 (See 
[https://builds.apache.org/job/Zookeeper-trunk-single-thread/94/])
ZOOKEEPER-3156: Add in option to canonicalize host name (andor: rev 
83fd6e298dda420125f8be35fda68cb226b0ee05)
* (add) 
zookeeper-server/src/main/java/org/apache/zookeeper/SaslServerPrincipal.java
* (edit) 
zookeeper-server/src/main/java/org/apache/zookeeper/client/ZKClientConfig.java
* (edit) zookeeper-server/src/main/java/org/apache/zookeeper/ClientCnxn.java
* (add) 
zookeeper-server/src/test/java/org/apache/zookeeper/ClientCanonicalizeTest.java


> ZOOKEEPER-2184 causes kerberos principal to not have resolved host name
> -----------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-3156
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3156
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client
>    Affects Versions: 3.6.0, 3.4.13, 3.5.5
>            Reporter: Robert Joseph Evans
>            Assignee: Robert Joseph Evans
>            Priority: Blocker
>              Labels: pull-request-available
>             Fix For: 3.6.0, 3.5.5, 3.4.14
>
>          Time Spent: 12h
>  Remaining Estimate: 0h
>
> Prior to ZOOKEEPER-2184 the zookeeper client would canonicalize a configured 
> host name before creating the SASL client which is used to create the 
> principal name.  After ZOOKEEPER-2184 that canonicalization does not happen 
> so the principal that the ZK client tries to use when it is configured to 
> talk to a CName is different between 3.4.13 and all previous versions of ZK.
>  
> For example
>  
> zk1.mycluster.mycompany.com maps to real-node.mycompany.com.
>  
> 3.4.13 will want the server to have 
> [zookeeper/zk1.mycluster....@kdc.mycompany.com|mailto:zookeeper/zk1.mycluster....@kdc.mycompany.com]
> 3.4.12 wants the server to have 
> [zookeeper/real-node.mycompany....@kdc.mycompany.com|mailto:zookeeper/real-node.mycompany....@kdc.mycompany.com]
>  
> This makes 3.4.13 incompatible with many ZK setups currently in existence.  
> It would be nice to have that resolution be optional because in some cases it 
> might be nice to have a single principal tied to the cname.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to