You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Laxman (JIRA)" <ji...@apache.org> on 2012/05/16 13:59:02 UTC
[jira] [Created] (ZOOKEEPER-1467) Server principal on client side
is derived using hostname.
Laxman created ZOOKEEPER-1467:
---------------------------------
Summary: Server principal on client side is derived using hostname.
Key: ZOOKEEPER-1467
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
Project: ZooKeeper
Issue Type: Bug
Components: java client
Affects Versions: 3.4.3, 3.4.4, 3.5.0, 4.0.0
Reporter: Laxman
Priority: Blocker
Server principal on client side is derived using hostname.
org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
{code}
try {
zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
}
{code}
This may have problems when admin wanted some customized principals like zookeeper/clusterid@HADOOP.COM where clusterid is the cluster identifier but not the host name.
IMO, server principal also should be configurable as hadoop is doing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (ZOOKEEPER-1467) Server principal on client side
is derived using hostname.
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13278255#comment-13278255 ]
Hadoop QA commented on ZOOKEEPER-1467:
--------------------------------------
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12527907/ZOOKEEPER-1467.patch
against trunk revision 1337029.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1080//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1080//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1080//console
This message is automatically generated.
> Server principal on client side is derived using hostname.
> ----------------------------------------------------------
>
> Key: ZOOKEEPER-1467
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.3, 3.4.4, 3.5.0, 4.0.0
> Reporter: Laxman
> Assignee: Eugene Koontz
> Priority: Blocker
> Labels: Security, client, kerberos, sasl
> Attachments: ZOOKEEPER-1467.patch, ZOOKEEPER-1467.patch
>
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
> try {
> zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
> }
> {code}
> This may have problems when admin wanted some customized principals like zookeeper/clusterid@HADOOP.COM where clusterid is the cluster identifier but not the host name.
> IMO, server principal also should be configurable as hadoop is doing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-1467) Server principal on client side
is derived using hostname.
Posted by "Eugene Koontz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eugene Koontz updated ZOOKEEPER-1467:
-------------------------------------
Attachment: ZOOKEEPER-1467.patch
Improved patch with tests and comments.
> Server principal on client side is derived using hostname.
> ----------------------------------------------------------
>
> Key: ZOOKEEPER-1467
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.3, 3.4.4, 3.5.0, 4.0.0
> Reporter: Laxman
> Assignee: Eugene Koontz
> Priority: Blocker
> Labels: Security, client, kerberos, sasl
> Attachments: ZOOKEEPER-1467.patch, ZOOKEEPER-1467.patch
>
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
> try {
> zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
> }
> {code}
> This may have problems when admin wanted some customized principals like zookeeper/clusterid@HADOOP.COM where clusterid is the cluster identifier but not the host name.
> IMO, server principal also should be configurable as hadoop is doing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (ZOOKEEPER-1467) Server principal on client side
is derived using hostname.
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13280814#comment-13280814 ]
Laxman commented on ZOOKEEPER-1467:
-----------------------------------
Thanks for the patch Eugene. I think "zookeeper.server.principal" configuration would be better instead of "zookeeper.clusterName".
At the same time we may need to consider to avoid using system properties. Consider a case where my application needs to talk to multiple zk clusters whose principals might be different.
Hope I didn't confuse you. :(
> Server principal on client side is derived using hostname.
> ----------------------------------------------------------
>
> Key: ZOOKEEPER-1467
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.3, 3.4.4, 3.5.0, 4.0.0
> Reporter: Laxman
> Assignee: Eugene Koontz
> Priority: Blocker
> Labels: Security, client, kerberos, sasl
> Attachments: ZOOKEEPER-1467.patch, ZOOKEEPER-1467.patch
>
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
> try {
> zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
> }
> {code}
> This may have problems when admin wanted some customized principals like zookeeper/clusterid@HADOOP.COM where clusterid is the cluster identifier but not the host name.
> IMO, server principal also should be configurable as hadoop is doing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-1467) Server principal on client side
is derived using hostname.
Posted by "Eugene Koontz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eugene Koontz updated ZOOKEEPER-1467:
-------------------------------------
Release Note: Allow system property "zookeeper.clusterName", if defined, to be used as the instance portion of zookeeper server's Kerberos principal name. Otherwise, server's hostname will be used. (was: This patch does not yet contain any new tests.)
> Server principal on client side is derived using hostname.
> ----------------------------------------------------------
>
> Key: ZOOKEEPER-1467
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.3, 3.4.4, 3.5.0, 4.0.0
> Reporter: Laxman
> Assignee: Eugene Koontz
> Priority: Blocker
> Labels: Security, client, kerberos, sasl
> Attachments: ZOOKEEPER-1467.patch, ZOOKEEPER-1467.patch
>
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
> try {
> zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
> }
> {code}
> This may have problems when admin wanted some customized principals like zookeeper/clusterid@HADOOP.COM where clusterid is the cluster identifier but not the host name.
> IMO, server principal also should be configurable as hadoop is doing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (ZOOKEEPER-1467) Server principal on client side
is derived using hostname.
Posted by "Mahadev konar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13404312#comment-13404312 ]
Mahadev konar commented on ZOOKEEPER-1467:
------------------------------------------
Agree with Laxman here. I think we need to get rid of our system properties and should not be using it for configuration. Can we use the ZK config file?
> Server principal on client side is derived using hostname.
> ----------------------------------------------------------
>
> Key: ZOOKEEPER-1467
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.3, 3.4.4, 3.5.0, 4.0.0
> Reporter: Laxman
> Assignee: Eugene Koontz
> Priority: Blocker
> Labels: Security, client, kerberos, sasl
> Attachments: ZOOKEEPER-1467.patch, ZOOKEEPER-1467.patch
>
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
> try {
> zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
> }
> {code}
> This may have problems when admin wanted some customized principals like zookeeper/clusterid@HADOOP.COM where clusterid is the cluster identifier but not the host name.
> IMO, server principal also should be configurable as hadoop is doing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (ZOOKEEPER-1467) Server principal on client side
is derived using hostname.
Posted by "Eugene Koontz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eugene Koontz reassigned ZOOKEEPER-1467:
----------------------------------------
Assignee: Eugene Koontz
> Server principal on client side is derived using hostname.
> ----------------------------------------------------------
>
> Key: ZOOKEEPER-1467
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.3, 3.4.4, 3.5.0, 4.0.0
> Reporter: Laxman
> Assignee: Eugene Koontz
> Priority: Blocker
> Labels: Security, client, kerberos, sasl
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
> try {
> zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
> }
> {code}
> This may have problems when admin wanted some customized principals like zookeeper/clusterid@HADOOP.COM where clusterid is the cluster identifier but not the host name.
> IMO, server principal also should be configurable as hadoop is doing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (ZOOKEEPER-1467) Server principal on client side
is derived using hostname.
Posted by "Eugene Koontz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13278097#comment-13278097 ]
Eugene Koontz commented on ZOOKEEPER-1467:
------------------------------------------
Hi Laxman, can you take a look at this patch and see if it's what you had in mind?
Thanks,
-Eugene
> Server principal on client side is derived using hostname.
> ----------------------------------------------------------
>
> Key: ZOOKEEPER-1467
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.3, 3.4.4, 3.5.0, 4.0.0
> Reporter: Laxman
> Assignee: Eugene Koontz
> Priority: Blocker
> Labels: Security, client, kerberos, sasl
> Attachments: ZOOKEEPER-1467.patch
>
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
> try {
> zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
> }
> {code}
> This may have problems when admin wanted some customized principals like zookeeper/clusterid@HADOOP.COM where clusterid is the cluster identifier but not the host name.
> IMO, server principal also should be configurable as hadoop is doing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-1467) Server principal on client side
is derived using hostname.
Posted by "Eugene Koontz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eugene Koontz updated ZOOKEEPER-1467:
-------------------------------------
Attachment: ZOOKEEPER-1467.patch
Allows use of the 'zookeeper.clusterName' system property to specify the instance portion (the part after the slash character) of the Zookeeper server principal name.
> Server principal on client side is derived using hostname.
> ----------------------------------------------------------
>
> Key: ZOOKEEPER-1467
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.3, 3.4.4, 3.5.0, 4.0.0
> Reporter: Laxman
> Assignee: Eugene Koontz
> Priority: Blocker
> Labels: Security, client, kerberos, sasl
> Attachments: ZOOKEEPER-1467.patch
>
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
> try {
> zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
> }
> {code}
> This may have problems when admin wanted some customized principals like zookeeper/clusterid@HADOOP.COM where clusterid is the cluster identifier but not the host name.
> IMO, server principal also should be configurable as hadoop is doing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (ZOOKEEPER-1467) Server principal on client side
is derived using hostname.
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13278223#comment-13278223 ]
Hadoop QA commented on ZOOKEEPER-1467:
--------------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12527881/ZOOKEEPER-1467.patch
against trunk revision 1337029.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1079//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1079//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/1079//console
This message is automatically generated.
> Server principal on client side is derived using hostname.
> ----------------------------------------------------------
>
> Key: ZOOKEEPER-1467
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.3, 3.4.4, 3.5.0, 4.0.0
> Reporter: Laxman
> Assignee: Eugene Koontz
> Priority: Blocker
> Labels: Security, client, kerberos, sasl
> Attachments: ZOOKEEPER-1467.patch, ZOOKEEPER-1467.patch
>
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
> try {
> zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
> }
> {code}
> This may have problems when admin wanted some customized principals like zookeeper/clusterid@HADOOP.COM where clusterid is the cluster identifier but not the host name.
> IMO, server principal also should be configurable as hadoop is doing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira