zookeeper-issues mailing list archives

From "Sujith Simon (Jira)" <j...@apache.org>
Subject [jira] [Comment Edited] (ZOOKEEPER-1467) Server principal on client side is derived using hostname.
Date Mon, 30 Sep 2019 05:03:00 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940654#comment-16940654 ]

Sujith Simon edited comment on ZOOKEEPER-1467 at 9/30/19 5:02 AM:
------------------------------------------------------------------

[~beeflyme] 4 letter commands are discouraged and by default all of them other than the srvr command are disabled.
Also, users need to configure a server principal to fall back on in case it fails to get the principal from the server; in such a case, is it not a better idea to use the configured principal itself?


was (Author: sujithsimon22):
[~beeflyme] 4 letter commands are discouraged and by default all of them other srvr command are disabled.
Also, users need to configure a server principal to fall back on in case it fails to get the principal from the server; in such a case, is it not a better idea to use the configured principal itself?

> Server principal on client side is derived using hostname.
> ----------------------------------------------------------
>
>                 Key: ZOOKEEPER-1467
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: java client
>    Affects Versions: 3.4.3, 3.4.4, 3.5.0
>            Reporter: Laxman
>            Assignee: Eugene Joseph Koontz
>            Priority: Major
>              Labels: Security, client, kerberos, pull-request-available, sasl
>             Fix For: 3.6.0
>
>         Attachments: ZOOKEEPER-1467.patch, ZOOKEEPER-1467.patch
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
>            try {
>                 zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
>             }
> {code}
> This may have problems when admin wanted some customized principals like zookeeper/clusterid@HADOOP.COM where clusterid is the cluster identifier but not the host name.
> IMO, server principal also should be configurable as hadoop is doing.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
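
The following is an added example, not code from ZooKeeper or from the attached patches. It sketches the behaviour discussed in this thread: an operator-configured server principal is used when present, and the hostname-derived form from the issue description is used otherwise. The class name, method name and the idea of passing the configured value as a parameter are assumptions made for illustration.

```java
import java.net.InetSocketAddress;
import java.util.regex.Pattern;

public class ServerPrincipalResolver {
    // Accepts service[/instance][@REALM] with no whitespace or stray separators.
    private static final Pattern PRINCIPAL =
        Pattern.compile("^[^/@\\s]+(/[^/@\\s]+)?(@[^/@\\s]+)?$");

    /**
     * Returns the Kerberos server principal the client should authenticate.
     * configured: operator-supplied value (hypothetical setting), may be null.
     * addr: address of the server the client is connecting to.
     */
    static String resolve(String configured, InetSocketAddress addr) {
        if (configured != null && !configured.trim().isEmpty()) {
            String p = configured.trim();
            if (!PRINCIPAL.matcher(p).matches()) {
                // Fail closed: a malformed setting must not silently fall back
                // to a hostname-derived principal the operator did not choose.
                throw new IllegalArgumentException("Invalid server principal: " + p);
            }
            return p;
        }
        // Hostname-derived form quoted in the issue description.
        return "zookeeper/" + addr.getHostName();
    }

    public static void main(String[] args) {
        // Constructed sample address; createUnresolved avoids any DNS lookup.
        InetSocketAddress addr =
            InetSocketAddress.createUnresolved("zk1.example.com", 2181);

        // Customized principal from the issue: cluster id instead of host name.
        System.out.println(resolve("zookeeper/clusterid@HADOOP.COM", addr));

        // Nothing configured: hostname-derived principal.
        System.out.println(resolve(null, addr));

        // Malformed configured value (contains a space) is rejected.
        try {
            resolve("zookeeper/cluster id@HADOOP.COM", addr);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```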
