[jira] [Commented] (IMPALA-7298) Don't pass resolved IP address as hostname when creating proxy

Tue, 28 May 2019 11:17:18 -0700 


    [ 
https://issues.apache.org/jira/browse/IMPALA-7298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16849997#comment-16849997
 ] 

ASF subversion and git services commented on IMPALA-7298:
---------------------------------------------------------

Commit 97ca8d1f4c24c21ba65b036580e27606bf4c939b in impala's branch 
refs/heads/2.x from Alex Rodoni
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=97ca8d1 ]

IMPALA-7299: [DOCS] A known issue with IMPALA-7298

Kerberos authentication fails with the reverse DNS lookup disabled.

Change-Id: I5b8104a2747b4e8051d4bdcab906486444680218
Reviewed-on: http://gerrit.cloudera.org:8080/10952
Reviewed-by: Sailesh Mukil <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>
Reviewed-on: http://gerrit.cloudera.org:8080/13449
Reviewed-by: Alex Rodoni <[email protected]>


> Don't pass resolved IP address as hostname when creating proxy
> --------------------------------------------------------------
>
>                 Key: IMPALA-7298
>                 URL: https://issues.apache.org/jira/browse/IMPALA-7298
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Distributed Exec
>    Affects Versions: Impala 2.12.0, Impala 3.1.0
>            Reporter: Michael Ho
>            Assignee: Michael Ho
>            Priority: Critical
>             Fix For: Impala 3.1.0
>
>
> {{KrpcDataStreamSender}} passes a resolved IP address when creating a proxy. 
> Instead, we should pass both the resolved address and the hostname when 
> creating the proxy so that we won't end up using the IP address as the 
> hostname in the Kerberos principal.
> Due to the oversight above, the following error may show up when running a 
> build of 2.12.0 when a user has Kerberos enabled and specified 
> {{impala/<some-hostname>@<some-domain>}} as the kerberos principal.
> {noformat}
> WARNINGS: TransmitData() to X.X.X.X:27000 failed: Not authorized: Client 
> connection negotiation failed: client connection to X.X.X.X:27000: Server 
> impala/[email protected] not found in Kerberos database
> {noformat}
> The workaround for this problem is to have {{rdns=true}} in 
> {{/etc/krb5.conf}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to