Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-4030

Optionally canonicalize host names in quorum SASL authentication

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

      Description

      ZOOKEEPER-3156 introduced an option for canonicalizing the host name used by the Java client before starting SASL authentication, allowing Kerberos-authenticating servers to be referenced by CNAME.

      The example given in that ticket's description explains how without that option, the client would compose a non-functional principal akin to zookeeper/zk1.mycluster.mycompany.com@... instead of the required zookeeper/real-node.mycompany.com@....

      This is about introducing a similar option for server-to-server connections. It would allow enabling quorum SASL authentication for ensembles defined using {{CNAME}}s.

      (Self-assigning as I have been working on this.)

        Attachments

          Activity

            People

            • Assignee:
              ztzg Damien Diederen
              Reporter:
              ztzg Damien Diederen

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 50m
                50m

                  Issue deployment