You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Damien Diederen (Jira)" <ji...@apache.org> on 2020/12/17 18:14:00 UTC
[jira] [Created] (ZOOKEEPER-4030) Optionally canonicalize host
names in quorum SASL authentication
Damien Diederen created ZOOKEEPER-4030:
------------------------------------------
Summary: Optionally canonicalize host names in quorum SASL authentication
Key: ZOOKEEPER-4030
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4030
Project: ZooKeeper
Issue Type: New Feature
Components: kerberos, quorum, server
Affects Versions: 3.7.0
Reporter: Damien Diederen
Assignee: Damien Diederen
ZOOKEEPER-3156 introduced an option for canonicalizing the host name used by the Java client before starting SASL authentication, allowing Kerberos-authenticating servers to be referenced by {{CNAME}}.
The example given in that ticket's description explains how without that option, the client would compose a non-functional principal akin to {{zookeeper/zk1.mycluster.mycompany.com@...}} instead of the required {{zookeeper/real-node.mycompany.com@...}}.
This is about introducing a similar option for server-to-server connections. It would allow enabling quorum SASL authentication for ensembles defined using {{CNAME}}s.
(Self-assigning as I have been working on this.)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)