You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by ta...@apache.org on 2018/07/17 00:51:18 UTC

impala git commit: IMPALA-7299: [DOCS] A known issue with IMPALA-7298

Repository: impala
Updated Branches:
  refs/heads/master df78eaec0 -> 9bcc8c6ac


IMPALA-7299: [DOCS] A known issue with IMPALA-7298

Kerberos authentication fails with the reverse DNS lookup disabled.

Change-Id: I5b8104a2747b4e8051d4bdcab906486444680218
Reviewed-on: http://gerrit.cloudera.org:8080/10952
Reviewed-by: Sailesh Mukil <sa...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>


Project: http://git-wip-us.apache.org/repos/asf/impala/repo
Commit: http://git-wip-us.apache.org/repos/asf/impala/commit/9bcc8c6a
Tree: http://git-wip-us.apache.org/repos/asf/impala/tree/9bcc8c6a
Diff: http://git-wip-us.apache.org/repos/asf/impala/diff/9bcc8c6a

Branch: refs/heads/master
Commit: 9bcc8c6ace321514a9853ca6494e6112ed6ebca5
Parents: df78eae
Author: Alex Rodoni <ar...@cloudera.com>
Authored: Mon Jul 16 10:29:38 2018 -0700
Committer: Impala Public Jenkins <im...@cloudera.com>
Committed: Mon Jul 16 18:21:37 2018 +0000

----------------------------------------------------------------------
 docs/topics/impala_known_issues.xml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/impala/blob/9bcc8c6a/docs/topics/impala_known_issues.xml
----------------------------------------------------------------------
diff --git a/docs/topics/impala_known_issues.xml b/docs/topics/impala_known_issues.xml
index 59b4606..66df6e7 100644
--- a/docs/topics/impala_known_issues.xml
+++ b/docs/topics/impala_known_issues.xml
@@ -344,6 +344,28 @@ under the License.
       </p>
       </conbody>
     </concept>
+    <concept id="IMPALLA-7298">
+      <title>Kerberos authentication fails with the reverse DNS lookup
+        disabled</title>
+      <conbody>
+        <p> Kerberos authentication does not function correctly if <codeph>rdns
+            = false</codeph> is configured in <codeph>krb5.conf</codeph>. If the
+          flag <codeph>rdns = false</codeph>, when Impala tries to match
+          principals, it will fail because Kerberos receives a SPN (Service
+          Principal Name) with an IP address in it, but Impala expects a
+          principal with a FQDN in it.</p>
+        <p>
+          <b>Bug:</b>
+          <xref keyref="IMPALA-7298">IMPALA-7298</xref></p>
+        <p><b>Affected Versions:</b> Impala 2.12.0 and 3.0</p>
+        <p>
+          <b>Workaround:</b> Set the following flags in
+            <codeph>krb5.conf</codeph>: <ul>
+            <li><codeph>dns_canonicalize_hostname = true</codeph></li>
+            <li><codeph>rdns = true</codeph></li>
+          </ul></p>
+      </conbody>
+    </concept>
 </concept>
 
   <concept id="known_issues_resources">