zookeeper-issues mailing list archives

From "caixiaofeng (Jira)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-1467) Server principal on client side is derived using hostname.
Date Sun, 29 Sep 2019 01:35:00 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940199#comment-16940199 ]

caixiaofeng commented on ZOOKEEPER-1467:
----------------------------------------

https://github.com/apache/zookeeper/pull/1099/commits/8f013f4597521924c5f05977c26e5b62d989c5ac

The patch uses the client set by guest code.
As the 4-letter command needs no auth, why not show the zookeeper.server.principal by the server using a 4-letter word command?
Then get the server principal by four-letter commands automatically.
(If it can't be obtained by the 4-letter command, then the guest config can be used.)
------ This is the code in the patch:
    static String getServerPrincipal(WrapperInetSocketAddress addr, ZKClientConfig clientConfig) {
        String configuredServerPrincipal = clientConfig.getProperty(ZKClientConfig.ZOOKEEPER_SERVER_PRINCIPAL);
        if (configuredServerPrincipal != null) {
            // If server principal is already configured then return it
            return configuredServerPrincipal;
        }

> Server principal on client side is derived using hostname.
> ----------------------------------------------------------
>
>                 Key: ZOOKEEPER-1467
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: java client
>    Affects Versions: 3.4.3, 3.4.4, 3.5.0
>            Reporter: Laxman
>            Assignee: Eugene Joseph Koontz
>            Priority: Major
>              Labels: Security, client, kerberos, pull-request-available, sasl
>             Fix For: 3.6.0
>
>         Attachments: ZOOKEEPER-1467.patch, ZOOKEEPER-1467.patch
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
>            try {
>                 zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
>             }
> {code}
> This may have problems when an admin wants some customized principals like zookeeper/clusterid@HADOOP.COM, where clusterid is the cluster identifier but not the host name.
> IMO, the server principal should also be configurable, as Hadoop is doing.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
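
Added example, not part of the original message or of the ZooKeeper code base: it contrasts the host-derived principal from the issue description with the configured-first lookup in the patch excerpt, for an ensemble that shares one cluster-wide principal. `java.util.Properties` stands in for `ZKClientConfig`, the host names are constructed, and the fallback branch is an assumption because the excerpt is cut off before it.

```java
import java.net.InetSocketAddress;
import java.util.Properties;

public class ServerPrincipalDemo {
    // Property name as written in the comment above.
    static final String SERVER_PRINCIPAL = "zookeeper.server.principal";

    // Behaviour from the issue description: always "zookeeper/" + host name.
    // getHostString() is used here so the demo does no DNS lookup.
    static String hostDerivedPrincipal(InetSocketAddress addr) {
        return "zookeeper/" + addr.getHostString();
    }

    // Order shown in the patch excerpt: a configured principal wins.
    // The fallback to the host-derived form is an assumption; the excerpt
    // is cut off before that point.
    static String resolvePrincipal(InetSocketAddress addr, Properties clientConfig) {
        String configured = clientConfig.getProperty(SERVER_PRINCIPAL);
        if (configured != null) {
            return configured;
        }
        return hostDerivedPrincipal(addr);
    }

    public static void main(String[] args) {
        // Constructed sample data: three ensemble members sharing one
        // cluster-wide service principal, as in the issue description.
        String[] hosts = {"zk1.example.com", "zk2.example.com", "zk3.example.com"};
        String clusterPrincipal = "zookeeper/clusterid@HADOOP.COM";

        Properties unset = new Properties();        // no principal configured
        Properties configured = new Properties();   // admin sets it locally
        configured.setProperty(SERVER_PRINCIPAL, clusterPrincipal);

        for (String host : hosts) {
            InetSocketAddress addr = InetSocketAddress.createUnresolved(host, 2181);
            String derived = resolvePrincipal(addr, unset);
            String pinned = resolvePrincipal(addr, configured);
            System.out.printf("%s%n  unset:      %-28s matches cluster principal: %b%n"
                    + "  configured: %-28s matches cluster principal: %b%n",
                    host, derived, derived.equals(clusterPrincipal),
                    pinned, pinned.equals(clusterPrincipal));
        }
    }
}
```

With the property unset, each host yields a different principal and none matches the cluster-wide one; with it set in the client's local configuration, every connection requests the same principal regardless of host name.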
