[
https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940654#comment-16940654
]
Sujith Simon commented on ZOOKEEPER-1467:
-----------------------------------------
[~beeflyme] 4 letter commands discouraged and by default all of them other srvr
command are disabled.
Also users need to configure server principal to fallback on incase it fails to
get the principal from server, in such a case is not better idea to use the
configured principal itself ?
> Server principal on client side is derived using hostname.
> ----------------------------------------------------------
>
> Key: ZOOKEEPER-1467
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
> Project: ZooKeeper
> Issue Type: Improvement
> Components: java client
> Affects Versions: 3.4.3, 3.4.4, 3.5.0
> Reporter: Laxman
> Assignee: Eugene Joseph Koontz
> Priority: Major
> Labels: Security, client, kerberos, pull-request-available, sasl
> Fix For: 3.6.0
>
> Attachments: ZOOKEEPER-1467.patch, ZOOKEEPER-1467.patch
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
> try {
> zooKeeperSaslClient = new
> ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
> }
> {code}
> This may have problems when admin wanted some customized principals like
> zookeeper/[email protected] where clusterid is the cluster identifier but
> not the host name.
> IMO, server principal also should be configurable as hadoop is doing.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
