You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/12/24 13:34:00 UTC
[jira] [Updated] (ZOOKEEPER-4030) Optionally canonicalize host
names in quorum SASL authentication
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
ASF GitHub Bot updated ZOOKEEPER-4030:
--------------------------------------
Labels: pull-request-available (was: )
> Optionally canonicalize host names in quorum SASL authentication
> ----------------------------------------------------------------
>
> Key: ZOOKEEPER-4030
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4030
> Project: ZooKeeper
> Issue Type: New Feature
> Components: kerberos, quorum, server
> Affects Versions: 3.7.0
> Reporter: Damien Diederen
> Assignee: Damien Diederen
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> ZOOKEEPER-3156 introduced an option for canonicalizing the host name used by the Java client before starting SASL authentication, allowing Kerberos-authenticating servers to be referenced by {{CNAME}}.
> The example given in that ticket's description explains how without that option, the client would compose a non-functional principal akin to {{zookeeper/zk1.mycluster.mycompany.com@...}} instead of the required {{zookeeper/real-node.mycompany.com@...}}.
> This is about introducing a similar option for server-to-server connections. It would allow enabling quorum SASL authentication for ensembles defined using {{CNAME}}s.
> (Self-assigning as I have been working on this.)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)