Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2032

Kerberos authentication fails with rdns disabled in krb5.conf

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.3.1, 1.4.0
    • Fix Version/s: 1.3.2, 1.5.0, 1.4.1
    • Component/s: security
    • Labels:
      None

      Description

      Currently if 'rnds = false' is configured in krb5.conf, Kudu ends up using the IP addresses of remote hosts instead of the hostnames. This means that it will look for krb5 principals by IP, even if actual hostnames have been passed instead.

      This prevents krb5 from working properly in most environments where rdns=false is set.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tlipcon Todd Lipcon
                Reporter:
                tlipcon Todd Lipcon
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: