Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2032

Kerberos authentication fails with rdns disabled in krb5.conf

Agile BoardAttach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 1.3.1, 1.4.0
    • 1.3.2, 1.5.0, 1.4.1
    • security
    • None

    Description

      Currently if 'rnds = false' is configured in krb5.conf, Kudu ends up using the IP addresses of remote hosts instead of the hostnames. This means that it will look for krb5 principals by IP, even if actual hostnames have been passed instead.

      This prevents krb5 from working properly in most environments where rdns=false is set.

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            tlipcon Todd Lipcon
            tlipcon Todd Lipcon
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment