You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by jo...@apache.org on 2019/05/28 18:16:43 UTC
[impala] branch 2.x updated: IMPALA-7299: [DOCS] A known issue with
IMPALA-7298
This is an automated email from the ASF dual-hosted git repository.
joemcdonnell pushed a commit to branch 2.x
in repository https://gitbox.apache.org/repos/asf/impala.git
The following commit(s) were added to refs/heads/2.x by this push:
new 97ca8d1 IMPALA-7299: [DOCS] A known issue with IMPALA-7298
97ca8d1 is described below
commit 97ca8d1f4c24c21ba65b036580e27606bf4c939b
Author: Alex Rodoni <ar...@cloudera.com>
AuthorDate: Mon Jul 16 10:29:38 2018 -0700
IMPALA-7299: [DOCS] A known issue with IMPALA-7298
Kerberos authentication fails with the reverse DNS lookup disabled.
Change-Id: I5b8104a2747b4e8051d4bdcab906486444680218
Reviewed-on: http://gerrit.cloudera.org:8080/10952
Reviewed-by: Sailesh Mukil <sa...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
Reviewed-on: http://gerrit.cloudera.org:8080/13449
Reviewed-by: Alex Rodoni <ar...@cloudera.com>
---
docs/topics/impala_authorization.xml | 1 +
docs/topics/impala_known_issues.xml | 26 ++++++++++++++++++++++++--
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/docs/topics/impala_authorization.xml b/docs/topics/impala_authorization.xml
index 39932f6..300be65 100644
--- a/docs/topics/impala_authorization.xml
+++ b/docs/topics/impala_authorization.xml
@@ -799,6 +799,7 @@ server=impala-host.example.com->db=*->table=*->action=CREATE
server=impala-host.example.com->db=*->table=audit_log->action=SELECT
server=impala-host.example.com->db=default->table=t1->action=*
</codeblock>
+ </p>
</example>
</conbody>
diff --git a/docs/topics/impala_known_issues.xml b/docs/topics/impala_known_issues.xml
index 8910328..2061e53 100644
--- a/docs/topics/impala_known_issues.xml
+++ b/docs/topics/impala_known_issues.xml
@@ -934,8 +934,6 @@ select * from tab_separated; -- 20 second delay before getting "Cancelled due to
</concept>
-->
- </concept>
-
<concept id="impala-6726">
<title>Catalog server's kerberos ticket gets deleted after 'ticket_lifetime' on SLES11</title>
@@ -969,6 +967,30 @@ select * from tab_separated; -- 20 second delay before getting "Cancelled due to
</concept>
+ <concept id="IMPALLA-7298">
+ <title>Kerberos authentication fails with the reverse DNS lookup
+ disabled</title>
+ <conbody>
+ <p> Kerberos authentication does not function correctly if <codeph>rdns
+ = false</codeph> is configured in <codeph>krb5.conf</codeph>. If the
+ flag <codeph>rdns = false</codeph>, when Impala tries to match
+ principals, it will fail because Kerberos receives a SPN (Service
+ Principal Name) with an IP address in it, but Impala expects a
+ principal with a FQDN in it.</p>
+ <p>
+ <b>Bug:</b>
+ <xref keyref="IMPALA-7298">IMPALA-7298</xref></p>
+ <p><b>Affected Versions:</b> Impala 2.12.0 and 3.0</p>
+ <p>
+ <b>Workaround:</b> Set the following flags in
+ <codeph>krb5.conf</codeph>: <ul>
+ <li><codeph>dns_canonicalize_hostname = true</codeph></li>
+ <li><codeph>rdns = true</codeph></li>
+ </ul></p>
+ </conbody>
+ </concept>
+</concept>
+
<concept id="known_issues_resources">
<title id="ki_resources">Impala Known Issues: Resources</title>