Details
-
New Feature
-
Status: Open
-
Major
-
Resolution: Unresolved
-
3.4.6
-
None
-
None
Description
I have the following setup:
- zookeeper server running in docker container
- kerberos auth
When client setup sasl connection it creates service principal name as:
- "principalUserName+"/"+addr.getHostName()",
where:
- addr.getHostName is the reverse DNS of original server host.
If zookeeper nodes will be deployed behind the firewall or software defined network (the docker case), then reverse DNS host won't match original server host. And this is done by design.
If these hosts won't match, then principals won't match and Kerberos auth will fail.
Is it possible to introduce some configuration parameter to disable reverse DNS lookups?