aerfalwl opened a new issue #12868:
URL: https://github.com/apache/pulsar/issues/12868
**Describe the bug**
1. The version of puslar cluster is 2.7.0.
2. Cluster uses kerberos for authentication.
3. When use tools pulsar-admin to list topics under public/default,
pulsar-admin shows the following exceptions:
```shell
org.apache.pulsar.client.impl.auth.PulsarSaslClient - Using JAAS/SASL/GSSAPI
auth to connect to server Principal broker/host12,
null
Reason: java.util.concurrent.TimeoutException
```
and the broker shows the following exceptions:
```shell
Caused by: java.lang.IllegalArgumentException: Malformed Kerberos name:
broker/http://host14:8080/admin/v2/non-persistent/public/default/0x00000000_0x10000...@krb5.com
at
org.apache.pulsar.common.sasl.KerberosName.<init>(KerberosName.java:127)
~[org.apache.pulsar-pulsar-common-2.7.0.jar:2.7.0]
at
org.apache.pulsar.client.impl.auth.PulsarSaslClient.<init>(PulsarSaslClient.java:70)
~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
at
org.apache.pulsar.client.impl.auth.AuthenticationSasl.getAuthData(AuthenticationSasl.java:100)
~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
at
org.apache.pulsar.client.impl.auth.AuthenticationSasl.newRequestHeader(AuthenticationSasl.java:227)
~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
at
org.apache.pulsar.client.impl.auth.AuthenticationSasl.newRequestBuilder(AuthenticationSasl.java:198)
~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
at
org.apache.pulsar.client.impl.auth.AuthenticationSasl.authenticationStage(AuthenticationSasl.java:307)
~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
at
org.apache.pulsar.client.impl.auth.AuthenticationSasl$1.completed(AuthenticationSasl.java:313)
~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
at
org.apache.pulsar.client.impl.auth.AuthenticationSasl$1.completed(AuthenticationSasl.java:308)
~[org.apache.pulsar-pulsar-client-auth-sasl-2.7.0.jar:2.7.0]
at
org.glassfish.jersey.client.JerseyInvocation$1.completed(JerseyInvocation.java:814)
~[org.glassfish.jersey.core-jersey-client-2.31.jar:?]
at
org.glassfish.jersey.client.ClientRuntime.processResponse(ClientRuntime.java:229)
~[org.glassfish.jersey.core-jersey-client-2.31.jar:?]
at
org.glassfish.jersey.client.ClientRuntime.access$200(ClientRuntime.java:62)
~[org.glassfish.jersey.core-jersey-client-2.31.jar:?]
at
org.glassfish.jersey.client.ClientRuntime$2.lambda$response$0(ClientRuntime.java:173)
~[org.glassfish.jersey.core-jersey-client-2.31.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
~[org.glassfish.jersey.core-jersey-common-2.31.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
~[org.glassfish.jersey.core-jersey-common-2.31.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
~[org.glassfish.jersey.core-jersey-common-2.31.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
~[org.glassfish.jersey.core-jersey-common-2.31.jar:?]
```
**To Reproduce**
The bug happens occasionally.
**Expect Behavior**
Kerberos client should use principal serverType/hostname@ream to connect the
kdc server, in this case, it should be something like broker/hos...@krb5.com
instead of
broker/http://host14:8080/admin/v2/non-persistent/public/default/0x00000000_0x10000...@krb5.com.
**Possiable Reason**
When following the exception chain, I find the code below that in the file
pulsar-client-auth-sasl\src\main\java\org\apache\pulsar\client\impl\auth\AuthenticationSasl.java,
Maybe we should use `target.getUri().getHost()` instead of
`target.getUri().toString()`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
