[
https://issues.apache.org/jira/browse/HBASE-15254?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ashish Singhi updated HBASE-15254:
----------------------------------
Description:
HBase replication will not work with Kerberos cross realm trust when domain
name in the principal is not hostname.
A mail was also sent related to this in user mailing list, [mail |
https://groups.google.com/forum/#!topic/nosql-databases/AYhQnU9Fc7E]
The problem here is when ever a user adds a new host to cluster he/she also
needs to add a principal name for that host in KDC, generate a new keytab file
and update it across other hosts accordingly if required.
To save all this efforts users may prefer to have a fixed domain name in the
principal for all the hosts and in that case HBase replication will fail
because currently we are using client principal to create sasl client instead
we need to use server principal to create sasl client and establish the sasl
context
was:
HBase replication will not work with Kerberos cross realm trust when domain
name in the principal is not hostname.
A mail was also sent related to this in user mailing list, [mail |
https://groups.google.com/forum/#!topic/nosql-databases/AYhQnU9Fc7E]
The problem here is when ever a user adds a new host to cluster he/she also
needs to add a principal name for that host in KDC, generate a new keytab file
and update it across other hosts accordingly if required.
To save all this efforts users may prefer to have a fixed domain name in the
principal for all the hosts and in that case HBase replication will fail.
> Support fixed domain name in Kerberos name for HBase replication cross realm
> trust setup
> ----------------------------------------------------------------------------------------
>
> Key: HBASE-15254
> URL: https://issues.apache.org/jira/browse/HBASE-15254
> Project: HBase
> Issue Type: Improvement
> Reporter: Ashish Singhi
> Assignee: Ashish Singhi
> Labels: kerberos, replication, security
>
> HBase replication will not work with Kerberos cross realm trust when domain
> name in the principal is not hostname.
> A mail was also sent related to this in user mailing list, [mail |
> https://groups.google.com/forum/#!topic/nosql-databases/AYhQnU9Fc7E]
> The problem here is when ever a user adds a new host to cluster he/she also
> needs to add a principal name for that host in KDC, generate a new keytab
> file and update it across other hosts accordingly if required.
> To save all this efforts users may prefer to have a fixed domain name in the
> principal for all the hosts and in that case HBase replication will fail
> because currently we are using client principal to create sasl client instead
> we need to use server principal to create sasl client and establish the sasl
> context
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
