Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-3156

ZOOKEEPER-2184 causes kerberos principal to not have resolved host name

    XMLWordPrintableJSON

    Details

      Description

      Prior to ZOOKEEPER-2184 the zookeeper client would canonicalize a configured host name before creating the SASL client which is used to create the principal name.  After ZOOKEEPER-2184 that canonicalization does not happen so the principal that the ZK client tries to use when it is configured to talk to a CName is different between 3.4.13 and all previous versions of ZK.

       

      For example

       

      zk1.mycluster.mycompany.com maps to real-node.mycompany.com.

       

      3.4.13 will want the server to have zookeeper/zk1.mycluster.com@KDC.MYCOMPANY.COM

      3.4.12 wants the server to have zookeeper/real-node.mycompany.com@KDC.MYCOMPANY.COM

       

      This makes 3.4.13 incompatible with many ZK setups currently in existence.  It would be nice to have that resolution be optional because in some cases it might be nice to have a single principal tied to the cname.

        Attachments

          Activity

            People

            • Assignee:
              revans2 Robert Joseph Evans
              Reporter:
              revans2 Robert Joseph Evans
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 12h 20m
                12h 20m