bitterfox edited a comment on pull request #3051: URL: https://github.com/apache/hbase/pull/3051#issuecomment-799280295
A similar patch for the lower HBase version which we use worked well as our testing for our secure cluster without `/etc/hosts` and reverse lookup support. https://github.com/AdoptOpenJDK/openjdk-jdk11u/blob/c37060d131c4c77ea62e9f07b283a45969c85cd1/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java#L425-L428 This logic prevents to use of unresolved IP addresses. ``` String hostName = nameParts[1]; ``` hostName here is "regionserver1.example.com" for example with enabling `hbase.unsafe.client.kerberos.hostname.disable.reversedns` which I propose in this PR. ``` String canonicalized = (InetAddress.getByName(hostName)). getCanonicalHostName(); ``` canonicalized will be IP address if the reverse lookup isn't provided, then will be something like "12.34.56.4" ``` if (canonicalized.toLowerCase(Locale.ENGLISH).startsWith( hostName.toLowerCase(Locale.ENGLISH)+".")) { hostName = canonicalized; } ``` Then `canonicalized.toLowerCase(Locale.ENGLISH).startsWith(hostName.toLowerCase(Locale.ENGLISH)+".")` will be false and hostName is not updated by canonicalized and still "regionserver1.example.com" ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org