[jira] [Commented] (ZOOKEEPER-1467) Server principal on client side is derived using hostname.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16940654#comment-16940654 ]

Sujith Simon commented on ZOOKEEPER-1467:

[~beeflyme] 4 letter commands are discouraged, and by default all of them other than the srvr command are disabled. Also, users need to configure a server principal to fall back on in case it fails to get the principal from the server; in such a case, is it not a better idea to use the configured principal itself?

> Server principal on client side is derived using hostname.
>
> Key: ZOOKEEPER-1467
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467
> Project: ZooKeeper
> Issue Type: Improvement
> Components: java client
> Affects Versions: 3.4.3, 3.4.4, 3.5.0
> Reporter: Laxman
> Assignee: Eugene Joseph Koontz
> Priority: Major
> Labels: Security, client, kerberos, pull-request-available, sasl
> Fix For: 3.6.0
>
> Attachments: ZOOKEEPER-1467.patch, ZOOKEEPER-1467.patch
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Server principal on client side is derived using hostname.
> org.apache.zookeeper.ClientCnxn.SendThread.startConnect()
> {code}
> try {
>     zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
> }
> {code}
> This may have problems when admin wanted some customized principals like
> zookeeper/cluste...@hadoop.com where clusterid is the cluster identifier but
> not the host name.
> IMO, server principal also should be configurable as hadoop is doing.

--
This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ZOOKEEPER-1467) Server principal on client side is derived using hostname.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16940199#comment-16940199 ]

caixiaofeng commented on ZOOKEEPER-1467:

https://github.com/apache/zookeeper/pull/1099/commits/8f013f4597521924c5f05977c26e5b62d989c5ac

The patch uses the client set by guest code. As the 4letter command needs no auth, why not show the zookeeper.server.principal by the server using a 4letter word command? Then get the server principal by four letter commands automatically. (If it can't be got by the 4letter command, then the guest config can be used.)

This is the code in the patch:

{code}
static String getServerPrincipal(WrapperInetSocketAddress addr, ZKClientConfig clientConfig) {
    String configuredServerPrincipal = clientConfig.getProperty(ZKClientConfig.ZOOKEEPER_SERVER_PRINCIPAL);
    if (configuredServerPrincipal != null) {
        // If server principal is already configured then return it
        return configuredServerPrincipal;
    }
    // ... the rest of the method is not quoted in this comment
}
{code}
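The precedence discussed in this thread (a configured zookeeper.server.principal first, the hostname-derived name otherwise), as an added Java example that is not code from the ZooKeeper patch. The class `ServerPrincipalResolver`, its `validate` step and the sample host and principal values are assumptions made for illustration.

```java
import java.net.InetSocketAddress;
import java.util.Properties;

// Added illustration: class and method names are hypothetical, not ZooKeeper's own code.
public class ServerPrincipalResolver {
    // Property name proposed in the thread.
    static final String SERVER_PRINCIPAL = "zookeeper.server.principal";

    // A configured principal wins; otherwise fall back to the hostname-derived
    // form shown in the issue description.
    static String resolve(InetSocketAddress addr, Properties clientConfig) {
        String configured = clientConfig.getProperty(SERVER_PRINCIPAL);
        if (configured != null) {
            return validate(configured.trim());
        }
        return "zookeeper/" + addr.getHostName();
    }

    // This example accepts only service/instance or service/instance@REALM with
    // non-empty parts, so a typo in the setting fails early with a clear message.
    static String validate(String principal) {
        String[] nameAndRealm = principal.split("@", -1);
        String[] parts = nameAndRealm[0].split("/", -1);
        boolean realmOk = nameAndRealm.length == 1
                || (nameAndRealm.length == 2 && !nameAndRealm[1].isEmpty());
        if (!realmOk || parts.length != 2 || parts[0].isEmpty() || parts[1].isEmpty()) {
            throw new IllegalArgumentException("Malformed " + SERVER_PRINCIPAL + ": " + principal);
        }
        return principal;
    }

    public static void main(String[] args) {
        // Constructed sample values; createUnresolved avoids any DNS lookup.
        InetSocketAddress addr = InetSocketAddress.createUnresolved("zk1.example.com", 2181);

        Properties defaults = new Properties();
        System.out.println(resolve(addr, defaults)); // hostname-derived fallback

        Properties custom = new Properties();
        custom.setProperty(SERVER_PRINCIPAL, "zookeeper/cluster1@EXAMPLE.COM");
        System.out.println(resolve(addr, custom)); // cluster-wide principal, host ignored

        custom.setProperty(SERVER_PRINCIPAL, "zookeeper@EXAMPLE.COM"); // missing instance part
        try {
            resolve(addr, custom);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```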
[jira] [Commented] (ZOOKEEPER-1467) Server principal on client side is derived using hostname.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16939312#comment-16939312 ]

Sujith Simon commented on ZOOKEEPER-1467:

[~arshad.mohammad] I would like to raise a PR for this. Will raise the PR soon :)
[jira] [Commented] (ZOOKEEPER-1467) Server principal on client side is derived using hostname.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16939124#comment-16939124 ]

Mohammad Arshad commented on ZOOKEEPER-1467:

Is anybody interested in raising a PR?
[jira] [Commented] (ZOOKEEPER-1467) Server principal on client side is derived using hostname.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16939123#comment-16939123 ]

Mohammad Arshad commented on ZOOKEEPER-1467:

All other bigdata components like hdfs, yarn, hbase etc. have exposed server principals through configuration, which clients configure to connect to servers. I think we should add a zookeeper.server.principal configuration.
[jira] [Commented] (ZOOKEEPER-1467) Server principal on client side is derived using hostname.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16938707#comment-16938707 ]

Mohammad Arshad commented on ZOOKEEPER-1467:

[~rajeshhadoop] How to configure principal zookeeper/hadoop.hadoop@hadoop.com without adding new configuration, provided hadoo.hadoo.com cannot be configured as host?