Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-2858

Disable reverse DNS lookup for java client

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 3.4.6
    • None
    • java client
    • None

    Description

      I have the following setup:

      • zookeeper server running in docker container
      • kerberos auth

      When client setup sasl connection it creates service principal name as:

      • "principalUserName+"/"+addr.getHostName()",

      where:

      • addr.getHostName is the reverse DNS of original server host.

      If zookeeper nodes will be deployed behind the firewall or software defined network (the docker case), then reverse DNS host won't match original server host. And this is done by design.

      If these hosts won't match, then principals won't match and Kerberos auth will fail.

      Is it possible to introduce some configuration parameter to disable reverse DNS lookups?

      Attachments

        Activity

          People

            Unassigned Unassigned
            dernasherbrezon Andrey
            Votes:
            1 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated: