[
https://issues.apache.org/jira/browse/ZOOKEEPER-4030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Enrico Olivelli resolved ZOOKEEPER-4030.
----------------------------------------
Fix Version/s: 3.7.0
Resolution: Fixed
Issue resolved by pull request 1564
[https://github.com/apache/zookeeper/pull/1564]
> Optionally canonicalize host names in quorum SASL authentication
> ----------------------------------------------------------------
>
> Key: ZOOKEEPER-4030
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4030
> Project: ZooKeeper
> Issue Type: New Feature
> Components: kerberos, quorum, server
> Affects Versions: 3.7.0
> Reporter: Damien Diederen
> Assignee: Damien Diederen
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.7.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> ZOOKEEPER-3156 introduced an option for canonicalizing the host name used by
> the Java client before starting SASL authentication, allowing
> Kerberos-authenticating servers to be referenced by {{CNAME}}.
> The example given in that ticket's description explains how without that
> option, the client would compose a non-functional principal akin to
> {{zookeeper/zk1.mycluster.mycompany.com@...}} instead of the required
> {{zookeeper/real-node.mycompany.com@...}}.
> This is about introducing a similar option for server-to-server connections.
> It would allow enabling quorum SASL authentication for ensembles defined
> using {{CNAME}}s.
> (Self-assigning as I have been working on this.)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
