Michael Ho created IMPALA-7298:
----------------------------------
Summary: Need to pass a FQDN instead of resolved IP address as
hostname when creating proxy
Key: IMPALA-7298
URL: https://issues.apache.org/jira/browse/IMPALA-7298
Project: IMPALA
Issue Type: Bug
Components: Distributed Exec
Affects Versions: Impala 2.12.0, Impala 3.1.0
Reporter: Michael Ho
Assignee: Michael Ho
{{KrpcDataStreamSender}} passes a resolved IP address when creating a proxy.
Instead, we should pass both the resolved address and the FQDN when creating
the proxy so that we won't end up using the IP address as the hostname in the
Kerberos principal.
Due to the oversight above, the following error may show up when running a
build of 2.12.0 when a user has Kerberos enabled and specified
{{impala/<some-hostname>@<some-domain>}} as the kerberos principal.
{noformat}
WARNINGS: TransmitData() to X.X.X.X:27000 failed: Not authorized: Client
connection negotiation failed: client connection to X.X.X.X:27000: Server
impala/[email protected] not found in Kerberos database
{noformat}
The workaround for this problem is to have {{rdns=true}} in {{/etc/krb5.conf}}.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
