[
https://issues.apache.org/jira/browse/ZOOKEEPER-3156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16629283#comment-16629283
]
Andor Molnar commented on ZOOKEEPER-3156:
-----------------------------------------
I like the idea of having a configuration switch for that, because I'm not
entirely sure what would be the right behaviour.
[~revans2] Do you have a patch already?
> ZOOKEEPER-2184 causes kerberos principal to not have resolved host name
> -----------------------------------------------------------------------
>
> Key: ZOOKEEPER-3156
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3156
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.6.0, 3.4.13, 3.5.5
> Reporter: Robert Joseph Evans
> Assignee: Robert Joseph Evans
> Priority: Blocker
>
> Prior to ZOOKEEPER-2184 the zookeeper client would canonicalize a configured
> host name before creating the SASL client which is used to create the
> principal name. After ZOOKEEPER-2184 that canonicalization does not happen
> so the principal that the ZK client tries to use when it is configured to
> talk to a CName is different between 3.4.13 and all previous versions of ZK.
>
> For example
>
> zk1.mycluster.mycompany.com maps to real-node.mycompany.com.
>
> 3.4.13 will want the server to have
> [zookeeper/zk1.mycluster....@kdc.mycompany.com|mailto:zookeeper/zk1.mycluster....@kdc.mycompany.com]
> 3.4.12 wants the server to have
> [zookeeper/real-node.mycompany....@kdc.mycompany.com|mailto:zookeeper/real-node.mycompany....@kdc.mycompany.com]
>
> This makes 3.4.13 incompatible with many ZK setups currently in existence.
> It would be nice to have that resolution be optional because in some cases it
> might be nice to have a single principal tied to the cname.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
