Posted to issues@hbase.apache.org by GitBox <gi...@apache.org> on 2021/03/15 09:50:46 UTC

[GitHub] [hbase] bitterfox commented on pull request #3051: HBASE-25665 Option to use hostname instead of canonical hostname for secure HBase cluster connection

bitterfox commented on pull request #3051:
URL: https://github.com/apache/hbase/pull/3051#issuecomment-799280295


   A similar patch for the lower HBase version which we use worked well in our testing on our secure cluster without `/etc/hosts` or reverse lookup support.
   
   https://github.com/AdoptOpenJDK/openjdk-jdk11u/blob/c37060d131c4c77ea62e9f07b283a45969c85cd1/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java#L425-L428
   
   This logic prevents the use of unresolved IP addresses.
   
   ```
                   String hostName = nameParts[1];
   ```
   `hostName` here is, for example, "regionserver1.example.com" when `hbase.unsafe.client.kerberos.hostname.disable.reversedns`, which I propose in this PR, is enabled.
   
   ```
                       String canonicalized = (InetAddress.getByName(hostName)).
                               getCanonicalHostName();
   ```
   
   `canonicalized` will be an IP address if the reverse lookup isn't provided, so it will be something like "12.34.56.4".
   
   ```
                       if (canonicalized.toLowerCase(Locale.ENGLISH).startsWith(
                                   hostName.toLowerCase(Locale.ENGLISH)+".")) {
                           hostName = canonicalized;
                       }
   ```
   
   Then `canonicalized.toLowerCase(Locale.ENGLISH).startsWith(hostName.toLowerCase(Locale.ENGLISH)+".")` will be false, so `hostName` is not updated to `canonicalized` and is still "regionserver1.example.com".


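The prefix check walked through in the comment above, as an added Java example that is not part of the original comment and is not HBase or JDK code. It assumes the reverse lookup can be replaced by a constructed map so that it runs without DNS; `effectiveHost`, `regionserver2`, `rs-alias.example.com` and the lookup results other than the comment's own pair are constructed for illustration.

```java
import java.util.Locale;
import java.util.Map;
import java.util.function.UnaryOperator;

public class CanonicalizeCheck {
    // Same prefix test as the quoted PrincipalName lines. The real code calls
    // InetAddress.getByName(hostName).getCanonicalHostName(); here the lookup
    // is injected (an assumption) so the example is deterministic and offline.
    static String effectiveHost(String hostName, UnaryOperator<String> canonicalLookup) {
        String canonicalized = canonicalLookup.apply(hostName);
        if (canonicalized.toLowerCase(Locale.ENGLISH)
                .startsWith(hostName.toLowerCase(Locale.ENGLISH) + ".")) {
            // The lookup only extended the name the caller gave: accept it.
            return canonicalized;
        }
        // IP text or an unrelated name came back: keep the caller's name.
        return hostName;
    }

    public static void main(String[] args) {
        // Constructed stand-in for resolver answers.
        Map<String, String> resolver = Map.of(
            // No PTR record: the textual IP address comes back.
            "regionserver1.example.com", "12.34.56.4",
            // Short name whose lookup result extends it with a domain.
            "regionserver2", "RegionServer2.example.com",
            // Lookup result names a different host than the one requested.
            "rs-alias.example.com", "regionserver3.example.com");

        String[] requested = {
            "regionserver1.example.com", "regionserver2", "rs-alias.example.com"
        };
        for (String host : requested) {
            String used = effectiveHost(host, h -> resolver.getOrDefault(h, h));
            System.out.println(host + " -> host part used: " + used);
        }
    }
}
```

Only the second case replaces the requested name, which is why a missing PTR record leaves the hostname passed by the client in place.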