You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2019/11/12 05:57:00 UTC

[jira] [Commented] (KUDU-2989) SASL server fails when FQDN is greater than 63 characters long

    [ https://issues.apache.org/jira/browse/KUDU-2989?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16972090#comment-16972090 ] 

ASF subversion and git services commented on KUDU-2989:
-------------------------------------------------------

Commit 3b84cf781aa5e0f7c2c8c4f60a21d82ad7fffb3e in kudu's branch refs/heads/branch-1.11.x from Todd Lipcon
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=3b84cf7 ]

KUDU-2989. Work around SASL bug when FQDN is >=64 characters

This adds a workaround for an upstream SASL bug which is triggered when
the FQDN has more than 64 characters. In this case, SASL would truncate
the FQDN and not be able to find the relevant keytab.

The workaround simply uses our own code to determine the FQDN.

Change-Id: I4898814f2f7ab87151798336414dde7078d28a4a
Reviewed-on: http://gerrit.cloudera.org:8080/14609
Reviewed-by: Anurag Mantripragada <an...@cloudera.com>
Reviewed-by: Adar Dembo <ad...@cloudera.com>
Tested-by: Kudu Jenkins
(cherry picked from commit 111b13775193820b3e3551368fe00a8f00387007)
Reviewed-on: http://gerrit.cloudera.org:8080/14687
Reviewed-by: Grant Henke <gr...@apache.org>
Tested-by: Alexey Serbin <as...@cloudera.com>


> SASL server fails when FQDN is greater than 63 characters long
> --------------------------------------------------------------
>
>                 Key: KUDU-2989
>                 URL: https://issues.apache.org/jira/browse/KUDU-2989
>             Project: Kudu
>          Issue Type: Bug
>          Components: rpc, security
>    Affects Versions: 1.10.0
>            Reporter: Todd Lipcon
>            Priority: Critical
>
> Currently, on the server side, Kudu doesn't explicitly pass the host's FQDN into the SASL library. Due to an upstream SASL bug (https://github.com/cyrusimap/cyrus-sasl/issues/583) the FQDN gets truncated when trying to determine the server's principal, in the case that the server's fQDN is longer than 64 characters.
> This results in startup failures where the preflight checks fail due to not finding the appropriate keytab entry (after searching for a truncated host name)
> To work around this, we should use our own code to compute the FQDN.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)