[ https://issues.apache.org/jira/browse/HADOOP-7510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13079396#comment-13079396 ]
Daryn Sharp commented on HADOOP-7510:
-------------------------------------
Yes, thank you for the considerations. You'll be glad to know that I have
already carefully considered those concerns. I found a means of ensuring that
an {{InetSocketAddress}} is constructed such that {{getHostName}} will return
the exact host (whether hostname, CNAME, IP, etc.) used to instantiate the
object. That will allow {{ipc.Client}} to correctly match the tokens. DNS
re-lookups are prevented, which is important because:
# If a CNAME is used, then the resolved IP may point to a hostname that, if
resolved again, will return a different IP. E.g. nn.domain is a CNAME for either
nn1.domain or nn2.domain. The site may toggle the CNAME but {{ipc.Client}}
will not reconnect to the proper host. I.e. CNAME (nn.domain) -> IP -> hostname
(nn1.domain).
# If an exact IP is used, the IP may not resolve to a hostname, which will cause
failures. Or the user explicitly wants to connect to only that IP -- one
example may be for testing, or because DNS is fouled. Using a DNS lookup may
cause the client to unexpectedly connect to a different IP.
> Tokens should use original hostname provided instead of ip
> ----------------------------------------------------------
>
> Key: HADOOP-7510
> URL: https://issues.apache.org/jira/browse/HADOOP-7510
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Fix For: 0.20.205.0
>
>
> Tokens currently store the ip:port of the remote server. This precludes
> tokens from being used after a host's IP is changed. Tokens should store the
> hostname used to make the RPC connection. This will enable new processes to
> use their existing tokens.
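One way to obtain the behaviour described in the comment above, as an added example (it is not code from the issue, its patch, or Hadoop, and the comment does not say which means was used): bind the caller's original host string to the resolved address bytes with `InetAddress.getByAddress(String, byte[])`, which performs no name service check. The class name, `serviceKey`, the `host:port` key layout, the port and the addresses are assumptions made for the illustration.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;

public class PinnedHostAddress {

    // Resolve once, then pin the original string to the result. A literal IP
    // passed to getByName is only validated, it is not looked up.
    static InetSocketAddress create(String host, int port) throws UnknownHostException {
        InetAddress resolved = InetAddress.getByName(host);
        return pin(host, resolved.getAddress(), port);
    }

    // getByAddress(String, byte[]) stores `host` verbatim next to the address
    // bytes, so getHostName() returns it later without a reverse lookup.
    static InetSocketAddress pin(String host, byte[] ip, int port) throws UnknownHostException {
        return new InetSocketAddress(InetAddress.getByAddress(host, ip), port);
    }

    // Hypothetical token lookup key built from the host the caller supplied.
    static String serviceKey(InetSocketAddress addr) {
        return addr.getHostName() + ":" + addr.getPort();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: nn.domain is a CNAME that is toggled from
        // nn1 (10.0.0.1) to nn2 (10.0.0.2). No DNS is contacted here.
        byte[] nn1 = {10, 0, 0, 1};
        byte[] nn2 = {10, 0, 0, 2};
        InetSocketAddress before = pin("nn.domain", nn1, 8020);
        InetSocketAddress after = pin("nn.domain", nn2, 8020);

        // The key is the same before and after the toggle; only the
        // connection target differs.
        System.out.println(serviceKey(before) + " via " + before.getAddress().getHostAddress());
        System.out.println(serviceKey(after) + " via " + after.getAddress().getHostAddress());
        System.out.println("keys equal: " + serviceKey(before).equals(serviceKey(after)));

        // Case 2 from the comment: an exact IP stays an exact IP even when
        // it has no reverse (PTR) record.
        InetSocketAddress literal = create("10.0.0.3", 8020);
        System.out.println(serviceKey(literal) + " via " + literal.getAddress().getHostAddress());
    }
}
```

By contrast, `new InetSocketAddress(InetAddress.getByName("10.0.0.3"), 8020).getHostName()` may perform a reverse lookup, because the address object carries no host string.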