Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-1195

SASL authorizedID being incorrectly set: should use getHostName() rather than getServiceName()

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.4.0
    • 3.4.0
    • None
    • None
    • One-line fix for bug identified by Tom Klonikowski

    Description

      Tom Klonikowski writes:

      Hello developers,

      the SaslServerCallbackHandler in trunk changes the principal name
      service/host@REALM to service/service@REALM (i guess unintentionally).

      lines 131-133:
      if (!removeHost() && (kerberosName.getHostName() != null))

      { userName += "/" + kerberosName.getServiceName(); }

      Server Log:

      SaslServerCallbackHandler@115] - Successfully authenticated client:
      authenticationID=fetcher/ubook@QUINZOO;
      authorizationID=fetcher/ubook@QUINZOO.

      SaslServerCallbackHandler@137] - Setting authorizedID:
      fetcher/fetcher@QUINZOO

      Attachments

        1. ZOOKEEPER-1195.patch
          1 kB
          Eugene Joseph Koontz
        2. SaslAuthNamingTest.java
          4 kB
          Tom Klonikowski

        Issue Links

          depends upon

          New Feature - A new feature of the product, which has yet to be developed. ZOOKEEPER-938 Support Kerberos authentication of clients.

          • Major - Major loss of function.
          • Closed
          is part of

          Sub-task - The sub-task of the issue ZOOKEEPER-1201 Clean SaslServerCallbackHandler.java

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. ZOOKEEPER-1196 improve Kerberos name parsing and canonicalization testing

          • Major - Major loss of function.
          • Open

          Activity

            People

              ekoontz Eugene Joseph Koontz
              ekoontz Eugene Joseph Koontz
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: