Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-1195

SASL authorizedID being incorrectly set: should use getHostName() rather than getServiceName()

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.4.0
    • Fix Version/s: 3.4.0
    • Component/s: None
    • Labels:
      None
    • Release Note:
      One-line fix for bug identified by Tom Klonikowski

      Description

      Tom Klonikowski writes:

      Hello developers,

      the SaslServerCallbackHandler in trunk changes the principal name
      service/host@REALM to service/service@REALM (i guess unintentionally).

      lines 131-133:
      if (!removeHost() && (kerberosName.getHostName() != null))

      { userName += "/" + kerberosName.getServiceName(); }

      Server Log:

      SaslServerCallbackHandler@115] - Successfully authenticated client:
      authenticationID=fetcher/ubook@QUINZOO;
      authorizationID=fetcher/ubook@QUINZOO.

      SaslServerCallbackHandler@137] - Setting authorizedID:
      fetcher/fetcher@QUINZOO

        Attachments

        1. SaslAuthNamingTest.java
          4 kB
          Tom Klonikowski
        2. ZOOKEEPER-1195.patch
          1 kB
          Eugene Koontz

          Issue Links

            Activity

              People

              • Assignee:
                ekoontz Eugene Koontz
                Reporter:
                ekoontz Eugene Koontz
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: