[jira] [Comment Edited] (HDDS-1354) Kerberos principal configuration of OzoneManager doesn't use FQDN

Fri, 12 Jun 2020 00:18:25 -0700 


    [ 
https://issues.apache.org/jira/browse/HDDS-1354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17133611#comment-17133611
 ] 

Marton Elek edited comment on HDDS-1354 at 6/12/20, 7:17 AM:
-------------------------------------------------------------

I took another look at the issue. Seems that it is not an issue as CM is using 
_HOST as shown below for om and scm principals. Resolve this as not a problem. 
cc: [~elek] please reopen for 0.7.0 if you think differently.

 
{code:java}
<property>
 <name>ozone.om.kerberos.principal</name>
 <value>om/_h...@root.hwx.site</value>
 </property>Cancel
 <property>
 <name>hdds.scm.kerberos.principal</name>
 <value>scm/_h...@root.hwx.site</value>
</property> {code}


was (Author: xyao):
I took another look at the issue. Seems that it is not an issue as CM is using 
_HOST as shown below for om and scm principals. Resolve this as not a problem. 
cc: [~elek] please reopen for 0.7.0 if you think differently. 

  <property>
    <name>ozone.om.kerberos.principal</name>
    <value>om/_h...@root.hwx.site</value>
  </property>
  <property>
    <name>hdds.scm.kerberos.principal</name>
    <value>scm/_h...@root.hwx.site</value>
  </property>

> Kerberos principal configuration of OzoneManager doesn't use FQDN
> -----------------------------------------------------------------
>
>                 Key: HDDS-1354
>                 URL: https://issues.apache.org/jira/browse/HDDS-1354
>             Project: Hadoop Distributed Data Store
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 0.4.0
>            Reporter: Marton Elek
>            Assignee: Ajay Kumar
>            Priority: Minor
>              Labels: Triaged
>
> In the "*.kerberos.principal" settings hadoop supports the _HOST variable 
> which is replaced to the fully qualified domain name.
> For example:
> {code}
> OZONE-SITE.XML_hdds.scm.kerberos.principal: "scm/_h...@example.com"
> {code}
> It works well with scm but for om it uses the hostname instead of the FQDN. 
> (SCM uses the HddsServerUtil.getScmBlockClientBindAddress which uses the  
> _bind_ address but the om uses the om rpc address).
> I would suggest to use the same behaviour for both SCM and OM.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: ozone-issues-h...@hadoop.apache.org

Reply via email to