hbase-dev mailing list archives

From Weizhan Zeng <qgweiz...@gmail.com>
Subject TSaslServerTransport.TSaslServerDefinition serverName should get from principal , not DNS
Date Wed, 14 Mar 2018 15:03:14 GMT
Hi, guys,
I use ThriftServer2 with Kerberos, and I found something wrong when all
servers' principal is "hbase/thriftserver2@domain.com".
When I looked at the code, I found something that may not be right. When we
start the Thrift server, we get the host from DNS:

if (securityEnabled) {
  host = Strings.domainNamePointerToHostName(
      DNS.getDefaultHost(
          conf.get("hbase.thrift.dns.interface", "default"),
          conf.get("hbase.thrift.dns.nameserver", "default")));
  userProvider.login("hbase.thrift.keytab.file",
      "hbase.thrift.kerberos.principal", host);
}

Because my principal is "hbase/thriftserver2@domain.com", not
"hbase/_HOST@domain.com", when the TTransportFactory is created the host is
the real host name, for example A, but my principal user name is
"hbase/thriftserver2@domain.com", not "hbase/A@domain.com".

TTransportFactory transportFactory = getTTransportFactory(qop, name, host, framed,
    conf.getInt("hbase.regionserver.thrift.framed.max_frame_size_in_mb", 2) * 1024 * 1024);

When the client opens a transport like below, transport =
TTransport.TSaslClientTransport(socket,"thriftserver2","hbase"), it will
not be right, so I think we should get the host from the user, not from DNS,
like below. Tell me if I am wrong. Thank you!

host = org.apache.hadoop.security.SecurityUtil.getHostFromPrincipal(userProvider.getCurrent().getName());
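
Added example, not part of the original message and not HBase or Hadoop code: a stand-alone Java sketch of the mismatch described above, comparing the SASL server name taken from DNS with the host component of the principal the server logs in as. The class and helper names are hypothetical, the host name A and the principals come from the message, and lowercasing the substituted host is an assumption of this sketch.

```java
import java.util.Locale;

// Added illustration; helper names are hypothetical, not Hadoop or HBase APIs.
public class SaslServerNameCheck {

    // Host component of "service/host@REALM", or null when the principal has none.
    static String hostFromPrincipal(String principal) {
        int at = principal.indexOf('@');
        String name = at >= 0 ? principal.substring(0, at) : principal;
        int slash = name.indexOf('/');
        return slash >= 0 ? name.substring(slash + 1) : null;
    }

    // Expand the _HOST placeholder with the DNS host name (lowercased: an assumption here).
    static String resolvePrincipal(String configured, String dnsHost) {
        if (!"_HOST".equals(hostFromPrincipal(configured))) {
            return configured; // fixed instance name: the DNS host plays no part in login
        }
        return configured.replace("/_HOST", "/" + dnsHost.toLowerCase(Locale.ROOT));
    }

    // True when a serverName taken from DNS names the same host as the login principal.
    static boolean dnsNameMatches(String configured, String dnsHost) {
        String loggedIn = resolvePrincipal(configured, dnsHost);
        return dnsHost.equalsIgnoreCase(hostFromPrincipal(loggedIn));
    }

    public static void main(String[] args) {
        String dnsHost = "A"; // constructed: the "real host name" used in the message
        String[] configs = {"hbase/_HOST@domain.com", "hbase/thriftserver2@domain.com"};
        for (String configured : configs) {
            String loggedIn = resolvePrincipal(configured, dnsHost);
            System.out.printf("configured principal      = %s%n", configured);
            System.out.printf("  login principal         = %s%n", loggedIn);
            System.out.printf("  serverName from DNS     = %s%n", dnsHost);
            System.out.printf("  host part of principal  = %s%n", hostFromPrincipal(loggedIn));
            System.out.printf("  DNS name matches login  = %b%n",
                dnsNameMatches(configured, dnsHost));
        }
    }
}
```

With the `_HOST` form both values name the same host; with the fixed `thriftserver2` instance they diverge, which is the case the message reports.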
