[
https://issues.apache.org/jira/browse/HBASE-15254?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ashish Singhi reassigned HBASE-15254:
-------------------------------------
Assignee: (was: Ashish Singhi)
Unassigned as I will be not be able to work on it in the near future.
> Support fixed domain name in Kerberos name for HBase replication cross realm
> trust setup
> ----------------------------------------------------------------------------------------
>
> Key: HBASE-15254
> URL: https://issues.apache.org/jira/browse/HBASE-15254
> Project: HBase
> Issue Type: Improvement
> Reporter: Ashish Singhi
> Priority: Major
> Labels: kerberos, replication, security
>
> HBase replication will not work with Kerberos cross realm trust when domain
> name in the principal is not hostname.
> A mail was also sent related to this in user mailing list, [mail |
> https://groups.google.com/forum/#!topic/nosql-databases/AYhQnU9Fc7E]
> The problem here is when ever a user adds a new host to cluster he/she also
> needs to add a principal name for that host in KDC, generate a new keytab
> file and update it across other hosts accordingly if required.
> To save all this efforts users may prefer to have a fixed domain name in the
> principal for all the hosts and in that case HBase replication will fail
> because currently we are using client principal to create sasl client instead
> we need to use server principal to create sasl client and establish the sasl
> context
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
