storm-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Derek Dagit <da...@apache.org>
Subject Re: DigestSaslTransportPlugin hardcode "localhost" server
Date Wed, 01 Jul 2020 02:26:29 GMT
Yes, it probably could be considered a bug.

As we were adding authentication and authorization to the project, we
did so for Thrift servers via these plugins. Our team was soon after
required to use Kerberos/SASL because of production environment and
security constraints. So we moved on using the Kerberos plugin
exclusively.

I imagine—but I do not specifically recall—that Andy did test
successfully at the time using a non-production environment—possibly
even with the client and server both on the same 'localhost'. The
intention with these plugins was always that they could be configured in
a production environment, and so it seems to me that this value could be
made configurable rather than hard-coded.
 
-- 
Derek

On Tue, Jun 30, 2020 at 04:56:22PM -0500, Ethan Li wrote:
> 
> This looks like a bug. But I have never used this plugin so I am not sure at this moment.
Do you have a stack trace that I can take a look?
> 
> > On Jun 26, 2020, at 7:06 AM, Liang Zhao <alpha.roc@gmail.com> wrote:
> >
> > Hi,
> >
> > Due to not being able to use Kerberos, we are exploring
> > the DigestSaslTransportPlugin/PlainSaslTransportPlugin as an alternative.
> > However, when we try to set up a storm cluster with
> > DigestSaslTransportPlugin on kubernetes, we came across errors that
> > SaslException, that digest response format violation, Mismatched URI,
> > storm_thrift_server/nimbus; expecting storm_thrift_server/localhost.
> >
> > A close look at the code indicates there is a hardcode "localhost" in the
> > plugin, and this code has been there for many years.
> >
> > https://github.com/apache/storm/blob/master/storm-client/src/jvm/org/apache/storm/security/auth/digest/DigestSaslTransportPlugin.java#L53
> >
> > I'm a bit puzzled as if this is intentional and can be walked around in
> > configuration or it's a bug that should be fixed?
> >
> > Thanks,
> > Liang
> 

Mime
View raw message