Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-4030

Optionally canonicalize host names in quorum SASL authentication

    XMLWordPrintableJSON

Details

    Description

      ZOOKEEPER-3156 introduced an option for canonicalizing the host name used by the Java client before starting SASL authentication, allowing Kerberos-authenticating servers to be referenced by CNAME.

      The example given in that ticket's description explains how without that option, the client would compose a non-functional principal akin to zookeeper/zk1.mycluster.mycompany.com@... instead of the required zookeeper/real-node.mycompany.com@....

      This is about introducing a similar option for server-to-server connections. It would allow enabling quorum SASL authentication for ensembles defined using {{CNAME}}s.

      (Self-assigning as I have been working on this.)

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #1564

          Activity

            People

              ztzg Damien Diederen
              ztzg Damien Diederen
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 50m
                  50m