You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Robert Joseph Evans (JIRA)" <ji...@apache.org> on 2018/09/26 17:21:01 UTC
[jira] [Created] (ZOOKEEPER-3156) ZOOKEEPER-2184 causes kerberos
principal to not have resolved host name
Robert Joseph Evans created ZOOKEEPER-3156:
----------------------------------------------
Summary: ZOOKEEPER-2184 causes kerberos principal to not have resolved host name
Key: ZOOKEEPER-3156
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3156
Project: ZooKeeper
Issue Type: Bug
Components: java client
Affects Versions: 3.4.13
Reporter: Robert Joseph Evans
Assignee: Robert Joseph Evans
Prior to ZOOKEEPER-2184 the zookeeper client would canonicalize a configured host name before creating the SASL client which is used to create the principal name. After ZOOKEEPER-2184 that canonicalization does not happen so the principal that the ZK client tries to use when it is configured to talk to a CName is different between 3.4.13 and all previous versions of ZK.
For example
zk1.mycluster.mycompany.com maps to real-node.mycompany.com.
3.4.13 will want the server to have [zookeeper/zk1.mycluster.com@KDC.MYCOMPANY.COM|mailto:zookeeper/zk1.mycluster.com@KDC.MYCOMPANY.COM]
3.4.12 wants the server to have [zookeeper/real-node.mycompany.com@KDC.MYCOMPANY.COM|mailto:zookeeper/real-node.mycompany.com@KDC.MYCOMPANY.COM]
This makes 3.4.13 incompatible with many ZK setups currently in existence. It would be nice to have that resolution be optional because in some cases it might be nice to have a single principal tied to the cname.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)