[
https://issues.apache.org/jira/browse/ZOOKEEPER-1195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13109357#comment-13109357
]
Tom Klonikowski commented on ZOOKEEPER-1195:
--------------------------------------------
I started writing a test. The attached version is missing an auth_to_local rule
to become independent from/not interfere with local default krb-config. Maybe
its useful though.
> SASL authorizedID being incorrectly set: should use getHostName() rather than
> getServiceName()
> ----------------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-1195
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1195
> Project: ZooKeeper
> Issue Type: Bug
> Reporter: Eugene Koontz
> Assignee: Eugene Koontz
> Attachments: SaslAuthNamingTest.java, ZOOKEEPER-1195.patch
>
>
> Tom Klonikowski writes:
> Hello developers,
> the SaslServerCallbackHandler in trunk changes the principal name
> service/host@REALM to service/service@REALM (i guess unintentionally).
> lines 131-133:
> if (!removeHost() && (kerberosName.getHostName() != null)) {
> userName += "/" + kerberosName.getServiceName();
> }
> Server Log:
> SaslServerCallbackHandler@115] - Successfully authenticated client:
> authenticationID=fetcher/ubook@QUINZOO;
> authorizationID=fetcher/ubook@QUINZOO.
> SaslServerCallbackHandler@137] - Setting authorizedID:
> fetcher/fetcher@QUINZOO
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
