Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2032

Kerberos authentication fails with rdns disabled in krb5.conf

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 1.3.1, 1.4.0
    • 1.3.2, 1.5.0, 1.4.1
    • security
    • None

    Description

      Currently if 'rnds = false' is configured in krb5.conf, Kudu ends up using the IP addresses of remote hosts instead of the hostnames. This means that it will look for krb5 principals by IP, even if actual hostnames have been passed instead.

      This prevents krb5 from working properly in most environments where rdns=false is set.

      Attachments

        Issue Links

          is related to

          Task - A task that needs to be done. KUDU-2096 Document necessary configuration for Kerberos with master CNAMEs

          • Major - Major loss of function.
          • Open

          Activity

            People

              tlipcon Todd Lipcon
              tlipcon Todd Lipcon
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: