zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2858) Disable reverse DNS lookup for java client
Date Tue, 01 Aug 2017 07:53:02 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16108534#comment-16108534
] 

Andrey commented on ZOOKEEPER-2858:
-----------------------------------

Wow [~beeflyme]! Thank  you for suggestions!

1) Looks like ZOOKEEPER-1467 available only in 3.5.x branch. Will switch to it after official
release 
2) custom dns provider sounds really hacky :) Will give a try. However it might be dangerous
as it will affect all dns resolution across the JVM. So everyone who reading this, beware
:)

> Disable reverse DNS lookup for java client
> ------------------------------------------
>
>                 Key: ZOOKEEPER-2858
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2858
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: java client
>    Affects Versions: 3.4.6
>            Reporter: Andrey
>
> I have the following setup:
> - zookeeper server running in docker container
> - kerberos auth
> When client setup sasl connection it creates service principal name as:
> - "principalUserName+"/"+addr.getHostName()",
> where:
> - addr.getHostName is the reverse DNS of original server host.
> If zookeeper nodes will be deployed behind the firewall or software defined network (the
docker case), then reverse DNS host won't match original server host. And this is done by
design.
> If these hosts won't match, then principals won't match and Kerberos auth will fail.
> Is it possible to introduce some configuration parameter to disable reverse DNS lookups?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message