You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by ta...@apache.org on 2018/07/17 00:51:18 UTC
impala git commit: IMPALA-7299: [DOCS] A known issue with IMPALA-7298
Repository: impala
Updated Branches:
refs/heads/master df78eaec0 -> 9bcc8c6ac
IMPALA-7299: [DOCS] A known issue with IMPALA-7298
Kerberos authentication fails with the reverse DNS lookup disabled.
Change-Id: I5b8104a2747b4e8051d4bdcab906486444680218
Reviewed-on: http://gerrit.cloudera.org:8080/10952
Reviewed-by: Sailesh Mukil <sa...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
Project: http://git-wip-us.apache.org/repos/asf/impala/repo
Commit: http://git-wip-us.apache.org/repos/asf/impala/commit/9bcc8c6a
Tree: http://git-wip-us.apache.org/repos/asf/impala/tree/9bcc8c6a
Diff: http://git-wip-us.apache.org/repos/asf/impala/diff/9bcc8c6a
Branch: refs/heads/master
Commit: 9bcc8c6ace321514a9853ca6494e6112ed6ebca5
Parents: df78eae
Author: Alex Rodoni <ar...@cloudera.com>
Authored: Mon Jul 16 10:29:38 2018 -0700
Committer: Impala Public Jenkins <im...@cloudera.com>
Committed: Mon Jul 16 18:21:37 2018 +0000
----------------------------------------------------------------------
docs/topics/impala_known_issues.xml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/impala/blob/9bcc8c6a/docs/topics/impala_known_issues.xml
----------------------------------------------------------------------
diff --git a/docs/topics/impala_known_issues.xml b/docs/topics/impala_known_issues.xml
index 59b4606..66df6e7 100644
--- a/docs/topics/impala_known_issues.xml
+++ b/docs/topics/impala_known_issues.xml
@@ -344,6 +344,28 @@ under the License.
</p>
</conbody>
</concept>
+ <concept id="IMPALLA-7298">
+ <title>Kerberos authentication fails with the reverse DNS lookup
+ disabled</title>
+ <conbody>
+ <p> Kerberos authentication does not function correctly if <codeph>rdns
+ = false</codeph> is configured in <codeph>krb5.conf</codeph>. If the
+ flag <codeph>rdns = false</codeph>, when Impala tries to match
+ principals, it will fail because Kerberos receives a SPN (Service
+ Principal Name) with an IP address in it, but Impala expects a
+ principal with a FQDN in it.</p>
+ <p>
+ <b>Bug:</b>
+ <xref keyref="IMPALA-7298">IMPALA-7298</xref></p>
+ <p><b>Affected Versions:</b> Impala 2.12.0 and 3.0</p>
+ <p>
+ <b>Workaround:</b> Set the following flags in
+ <codeph>krb5.conf</codeph>: <ul>
+ <li><codeph>dns_canonicalize_hostname = true</codeph></li>
+ <li><codeph>rdns = true</codeph></li>
+ </ul></p>
+ </conbody>
+ </concept>
</concept>
<concept id="known_issues_resources">