Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-7298

Don't pass resolved IP address as hostname when creating proxy

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • Impala 2.12.0, Impala 3.1.0
    • Impala 3.1.0
    • Distributed Exec
    • None

    Description

      KrpcDataStreamSender passes a resolved IP address when creating a proxy. Instead, we should pass both the resolved address and the hostname when creating the proxy so that we won't end up using the IP address as the hostname in the Kerberos principal.

      Due to the oversight above, the following error may show up when running a build of 2.12.0 when a user has Kerberos enabled and specified impala/<some-hostname>@<some-domain> as the kerberos principal.

      WARNINGS: TransmitData() to X.X.X.X:27000 failed: Not authorized: Client connection negotiation failed: client connection to X.X.X.X:27000: Server impala/X.X.X.X@VPC.CLOUDERA.COM not found in Kerberos database

      The workaround for this problem is to have rdns=true in /etc/krb5.conf.

      Attachments

        Activity

          People

            kwho Michael Ho
            kwho Michael Ho
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: