From: Weizhan Zeng
Date: Wed, 14 Mar 2018 23:03:14 +0800
Subject: TSaslServerTransport.TSaslServerDefinition serverName should get from principal , not DNS
To: dev@hbase.apache.org

Hi guys,

I use ThriftServer2 with Kerberos, and I found something wrong when every server's principal is "hbase/thriftserver2@domain.com". When I looked at the code, I found something that may not be right!

When we start the Thrift server, we get the host from DNS:

    if (securityEnabled) {
      host = Strings.domainNamePointerToHostName(
          DNS.getDefaultHost(
              conf.get("hbase.thrift.dns.interface", "default"),
              conf.get("hbase.thrift.dns.nameserver", "default")));
      userProvider.login("hbase.thrift.keytab.file",
          "hbase.thrift.kerberos.principal", host);
    }

Because my principal is "hbase/thriftserver2@domain.com", not "hbase/_HOST@domain.com", when the TTransportFactory is created the host is the real host name, for example A, but my principal user name is "hbase/thriftserver2@domain.com", not "hbase/A@domain.com":

    TTransportFactory transportFactory = getTTransportFactory(qop, name, host, framed,
        conf.getInt("hbase.regionserver.thrift.framed.max_frame_size_in_mb", 2) * 1024 * 1024);

When the client opens a transport like below,

    transport = TTransport.TSaslClientTransport(socket, "thriftserver2", "hbase")

it will not be right. So I think we should get the host from the user, not from DNS, like below. Tell me if I am wrong, thank you!

    host = org.apache.hadoop.security.SecurityUtil.getHostFromPrincipal(userProvider.getCurrent().getName());
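
Added example, not part of the original message and not HBase or Hadoop code: a plain-JDK sketch of the mismatch described above, comparing a SASL server name taken from DNS with one taken from the principal's instance component. The class and method names are hypothetical, the host name "A" is a constructed sample, and resolvePrincipal is a simplified stand-in for Hadoop-style _HOST substitution.

```java
import java.util.Locale;

// Added illustration; plain JDK only, no HBase/Hadoop classes. All names here are hypothetical.
public class SaslServerNameCheck {

    // Split "service/instance@REALM" into {service, instance, realm}; instance or realm may be null.
    static String[] parsePrincipal(String principal) {
        int at = principal.lastIndexOf('@');
        String realm = at >= 0 ? principal.substring(at + 1) : null;
        String name = at >= 0 ? principal.substring(0, at) : principal;
        int slash = name.indexOf('/');
        String service = slash >= 0 ? name.substring(0, slash) : name;
        String instance = slash >= 0 ? name.substring(slash + 1) : null;
        return new String[] {service, instance, realm};
    }

    // Simplified _HOST expansion: only a literal _HOST instance is replaced (lower-cased host);
    // a fixed instance such as "thriftserver2" is left untouched.
    static String resolvePrincipal(String configured, String dnsHost) {
        String[] p = parsePrincipal(configured);
        if (!"_HOST".equals(p[1])) return configured;
        return p[0] + "/" + dnsHost.toLowerCase(Locale.ROOT) + "@" + p[2];
    }

    // Server name for the SASL definition taken from the principal; falls back to DNS if no instance.
    static String serverNameFromPrincipal(String resolved, String dnsHost) {
        String instance = parsePrincipal(resolved)[1];
        return instance != null ? instance : dnsHost;
    }

    public static void main(String[] args) {
        String dnsHost = "A";                       // constructed: what the DNS lookup returns
        String clientServerName = "thriftserver2";  // host argument the client passes in the message
        String[] configs = {"hbase/thriftserver2@domain.com", "hbase/_HOST@domain.com"};
        for (String cfg : configs) {
            String resolved = resolvePrincipal(cfg, dnsHost);
            String fromPrincipal = serverNameFromPrincipal(resolved, dnsHost);
            System.out.printf("%s -> %s%n  DNS-derived serverName=%s matches principal instance: %b%n"
                + "  principal-derived serverName=%s matches client's \"%s\": %b%n",
                cfg, resolved, dnsHost, dnsHost.equalsIgnoreCase(parsePrincipal(resolved)[1]),
                fromPrincipal, clientServerName, fromPrincipal.equals(clientServerName));
        }
    }
}
```

With the fixed-instance principal, the DNS-derived name disagrees with the principal while the principal-derived name agrees with what the client passes; with _HOST the two derivations coincide.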