Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-7298

Don't pass resolved IP address as hostname when creating proxy

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: Impala 2.12.0, Impala 3.1.0
    • Fix Version/s: Impala 3.1.0
    • Component/s: Distributed Exec
    • Labels:
      None

      Description

      KrpcDataStreamSender passes a resolved IP address when creating a proxy. Instead, we should pass both the resolved address and the hostname when creating the proxy so that we won't end up using the IP address as the hostname in the Kerberos principal.

      Due to the oversight above, the following error may show up when running a build of 2.12.0 when a user has Kerberos enabled and specified impala/<some-hostname>@<some-domain> as the kerberos principal.

      WARNINGS: TransmitData() to X.X.X.X:27000 failed: Not authorized: Client connection negotiation failed: client connection to X.X.X.X:27000: Server impala/X.X.X.X@VPC.CLOUDERA.COM not found in Kerberos database
      

      The workaround for this problem is to have rdns=true in /etc/krb5.conf.

        Attachments

          Activity

            People

            • Assignee:
              kwho Michael Ho
              Reporter:
              kwho Michael Ho
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: