Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-4030

Optionally canonicalize host names in quorum SASL authentication

    XMLWordPrintableJSON

    Details

      Description

      ZOOKEEPER-3156 introduced an option for canonicalizing the host name used by the Java client before starting SASL authentication, allowing Kerberos-authenticating servers to be referenced by CNAME.

      The example given in that ticket's description explains how without that option, the client would compose a non-functional principal akin to zookeeper/zk1.mycluster.mycompany.com@... instead of the required zookeeper/real-node.mycompany.com@....

      This is about introducing a similar option for server-to-server connections. It would allow enabling quorum SASL authentication for ensembles defined using {{CNAME}}s.

      (Self-assigning as I have been working on this.)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ztzg Damien Diederen
                Reporter:
                ztzg Damien Diederen
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 50m
                  50m