Hi, guys,

I use ThriftServer2 with Kerberos, and I found something wrong when every
server's principal is "hbase/[email protected]".
When I looked at the code, I found something that may not be right. When we
start the Thrift server, we get the host from DNS:

    if (securityEnabled) {
      host = Strings.domainNamePointerToHostName(
          DNS.getDefaultHost(
              conf.get("hbase.thrift.dns.interface", "default"),
              conf.get("hbase.thrift.dns.nameserver", "default")));
      userProvider.login("hbase.thrift.keytab.file",
          "hbase.thrift.kerberos.principal", host);
    }

Because my principal is "hbase/[email protected]", not
"hbase/_[email protected]", when the TTransportFactory is created the host is
the real host name, for example A, but my principal user name is
"hbase/[email protected]", not "hbase/[email protected]".

    TTransportFactory transportFactory = getTTransportFactory(qop, name,
        host, framed,
        conf.getInt("hbase.regionserver.thrift.framed.max_frame_size_in_mb",
            2) * 1024 * 1024);

When the client opens a transport like below,

    transport = TTransport.TSaslClientTransport(socket,"thriftserver2","hbase")

it will not be right, so I think we should get the host from the user, not
from DNS, like below. Tell me if I am wrong, thank you!

    host =
        org.apache.hadoop.security.SecurityUtil.getHostFromPrincipal(
            userProvider.getCurrent().getName());
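
The name mismatch described in the message above, as an added example that is not part of the original post or of HBase: it compares the host component of the login principal with the DNS-derived host the server passes to its transport factory and with the host the client passes to TSaslClientTransport. The realm EXAMPLE.COM, the host names and all function names are constructed for illustration.

```python
from typing import List, NamedTuple, Optional

class Principal(NamedTuple):
    service: str
    host: Optional[str]
    realm: Optional[str]

def parse_principal(name: str) -> Principal:
    """Split 'service/host@REALM'; the host and realm parts are optional."""
    primary, _, realm = name.partition("@")
    service, _, host = primary.partition("/")
    if not service:
        raise ValueError(f"no primary component in {name!r}")
    return Principal(service, host or None, realm or None)

def expand_host(configured: str, dns_host: str) -> Principal:
    """Substitute the _HOST placeholder with the lower-cased DNS host name."""
    p = parse_principal(configured)
    if p.host == "_HOST":
        p = p._replace(host=dns_host.lower())
    return p

def sasl_name_mismatches(configured: str, dns_host: str,
                         client_service: str, client_host: str) -> List[str]:
    """List where the names fed into SASL/GSSAPI differ from the login principal."""
    login = expand_host(configured, dns_host)
    if login.host is None:
        return ["login principal has no host component"]
    problems = []
    # Server side: the code in the post passes the DNS host to getTTransportFactory.
    if dns_host.lower() != login.host.lower():
        problems.append(f"server uses host {dns_host!r}, principal has {login.host!r}")
    # Client side: TSaslClientTransport(socket, host, service) targets service/host.
    if client_host.lower() != login.host.lower():
        problems.append(f"client uses host {client_host!r}, principal has {login.host!r}")
    if client_service != login.service:
        problems.append(f"client uses service {client_service!r}, principal has {login.service!r}")
    return problems

if __name__ == "__main__":
    # Constructed inputs: a shared principal versus a per-host _HOST principal.
    for cfg, client_host in (("hbase/thriftserver2@EXAMPLE.COM", "thriftserver2"),
                             ("hbase/_HOST@EXAMPLE.COM", "a.example.com")):
        print(cfg, sasl_name_mismatches(cfg, "a.example.com", "hbase", client_host))
```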