Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2096

Document necessary configuration for Kerberos with master CNAMEs

    XMLWordPrintableJSON

Details

    • Task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • documentation, security
    • None

    Description

      Currently our docs recommend using CNAMEs for master addresses to simplify moving them around. However, if clients connect to a master with its non-canonical name, there are some complications with Kerberos principals, etc. We should test and document the necessary steps for such a configuration.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. KUDU-2142 Client should resolve the canonical master hostname before connecting

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. KUDU-2032 Kerberos authentication fails with rdns disabled in krb5.conf

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. KUDU-2103 Java client doesn't work on a Kerberized cluster with DNS aliases for masters

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              tlipcon Todd Lipcon
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated: