You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@zookeeper.apache.org by "Damien Diederen (Jira)" <ji...@apache.org> on 2020/12/17 18:14:00 UTC

[jira] [Created] (ZOOKEEPER-4030) Optionally canonicalize host names in quorum SASL authentication

Damien Diederen created ZOOKEEPER-4030:
------------------------------------------

             Summary: Optionally canonicalize host names in quorum SASL authentication
                 Key: ZOOKEEPER-4030
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4030
             Project: ZooKeeper
          Issue Type: New Feature
          Components: kerberos, quorum, server
    Affects Versions: 3.7.0
            Reporter: Damien Diederen
            Assignee: Damien Diederen


ZOOKEEPER-3156 introduced an option for canonicalizing the host name used by the Java client before starting SASL authentication, allowing Kerberos-authenticating servers to be referenced by {{CNAME}}.

The example given in that ticket's description explains how without that option, the client would compose a non-functional principal akin to {{zookeeper/zk1.mycluster.mycompany.com@...}} instead of the required {{zookeeper/real-node.mycompany.com@...}}.

This is about introducing a similar option for server-to-server connections. It would allow enabling quorum SASL authentication for ensembles defined using {{CNAME}}s.

(Self-assigning as I have been working on this.)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)