Robert Joseph Evans created ZOOKEEPER-3156:
----------------------------------------------
Summary: ZOOKEEPER-2184 causes kerberos principal to not have
resolved host name
Key: ZOOKEEPER-3156
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3156
Project: ZooKeeper
Issue Type: Bug
Components: java client
Affects Versions: 3.4.13
Reporter: Robert Joseph Evans
Assignee: Robert Joseph Evans
Prior to ZOOKEEPER-2184 the zookeeper client would canonicalize a configured
host name before creating the SASL client which is used to create the principal
name. After ZOOKEEPER-2184 that canonicalization does not happen so the
principal that the ZK client tries to use when it is configured to talk to a
CName is different between 3.4.13 and all previous versions of ZK.
For example
zk1.mycluster.mycompany.com maps to real-node.mycompany.com.
3.4.13 will want the server to have
[zookeeper/[email protected]|mailto:zookeeper/[email protected]]
3.4.12 wants the server to have
[zookeeper/[email protected]|mailto:zookeeper/[email protected]]
This makes 3.4.13 incompatible with many ZK setups currently in existence. It
would be nice to have that resolution be optional because in some cases it
might be nice to have a single principal tied to the cname.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
