You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Marton Elek (Jira)" <ji...@apache.org> on 2020/06/12 07:18:00 UTC

[jira] [Comment Edited] (HDDS-1354) Kerberos principal configuration of OzoneManager doesn't use FQDN

    [ https://issues.apache.org/jira/browse/HDDS-1354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17133611#comment-17133611 ] 

Marton Elek edited comment on HDDS-1354 at 6/12/20, 7:17 AM:
-------------------------------------------------------------

I took another look at the issue. Seems that it is not an issue as CM is using _HOST as shown below for om and scm principals. Resolve this as not a problem. cc: [~elek] please reopen for 0.7.0 if you think differently.

 
{code:java}
<property>
 <name>ozone.om.kerberos.principal</name>
 <value>om/_HOST@ROOT.HWX.SITE</value>
 </property>Cancel
 <property>
 <name>hdds.scm.kerberos.principal</name>
 <value>scm/_HOST@ROOT.HWX.SITE</value>
</property> {code}


was (Author: xyao):
I took another look at the issue. Seems that it is not an issue as CM is using _HOST as shown below for om and scm principals. Resolve this as not a problem. cc: [~elek] please reopen for 0.7.0 if you think differently. 

  <property>
    <name>ozone.om.kerberos.principal</name>
    <value>om/_HOST@ROOT.HWX.SITE</value>
  </property>
  <property>
    <name>hdds.scm.kerberos.principal</name>
    <value>scm/_HOST@ROOT.HWX.SITE</value>
  </property>

> Kerberos principal configuration of OzoneManager doesn't use FQDN
> -----------------------------------------------------------------
>
>                 Key: HDDS-1354
>                 URL: https://issues.apache.org/jira/browse/HDDS-1354
>             Project: Hadoop Distributed Data Store
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 0.4.0
>            Reporter: Marton Elek
>            Assignee: Ajay Kumar
>            Priority: Minor
>              Labels: Triaged
>
> In the "*.kerberos.principal" settings hadoop supports the _HOST variable which is replaced to the fully qualified domain name.
> For example:
> {code}
> OZONE-SITE.XML_hdds.scm.kerberos.principal: "scm/_HOST@EXAMPLE.COM"
> {code}
> It works well with scm but for om it uses the hostname instead of the FQDN. (SCM uses the HddsServerUtil.getScmBlockClientBindAddress which uses the  _bind_ address but the om uses the om rpc address).
> I would suggest to use the same behaviour for both SCM and OM.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org