[jira] [Commented] (IMPALA-9116) SASL server fails when FQDN is greater than 63 characters long in Kudu RPC

Fri, 01 Nov 2019 15:34:58 -0700 


    [ 
https://issues.apache.org/jira/browse/IMPALA-9116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16965131#comment-16965131
 ] 

ASF subversion and git services commented on IMPALA-9116:
---------------------------------------------------------

Commit b28d56f5b42acef8f95890d647700ef9b8c7ea66 in impala's branch 
refs/heads/master from Todd Lipcon
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=b28d56f ]

IMPALA-9116: KUDU-2989. Work around SASL bug when FQDN is >=64 characters

This adds a workaround for an upstream SASL bug which is triggered when
the FQDN has more than 64 characters. In this case, SASL would truncate
the FQDN and not be able to find the relevant keytab.

The workaround simply uses our own code to determine the FQDN.

Change-Id: I9f05f70915ed20c97efd0ae7295b181a010cf0f6

Change-Id: I4898814f2f7ab87151798336414dde7078d28a4a
Reviewed-on: http://gerrit.cloudera.org:8080/14609
Reviewed-by: Anurag Mantripragada <[email protected]>
Reviewed-by: Adar Dembo <[email protected]>
Tested-by: Kudu Jenkins
Reviewed-on: http://gerrit.cloudera.org:8080/14614
Reviewed-by: Todd Lipcon <[email protected]>
Reviewed-by: Michael Ho <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>


> SASL server fails when FQDN is greater than 63 characters long in Kudu RPC
> --------------------------------------------------------------------------
>
>                 Key: IMPALA-9116
>                 URL: https://issues.apache.org/jira/browse/IMPALA-9116
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Backend
>    Affects Versions: Impala 3.3.0
>            Reporter: Anurag Mantripragada
>            Priority: Critical
>             Fix For: Impala 3.4.0
>
>
> In the current Kudu RPC implementation, we don't explicitly pass the host's 
> FQDN into the SASL library. Due to an upstream SASL bug 
> ([https://github.com/cyrusimap/cyrus-sasl/issues/583]) the FQDN gets 
> truncated when trying to determine the server's principal, in the case that 
> the server's fQDN is longer than 64 characters.
> This results in startup failures where the preflight checks fail due to not 
> finding the appropriate keytab entry (after searching for a truncated host 
> name)
> To work around this, we should use our own code to compute the FQDN.
> Kudu is making the changes in it's own implementation here:
> https://issues.apache.org/jira/browse/KUDU-2989, we should do the same.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to