[ https://issues.apache.org/jira/browse/IMPALA-4978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16575612#comment-16575612 ]
Sailesh Mukil commented on IMPALA-4978: --------------------------------------- https://github.com/apache/impala/blob/3e17705ecaba0b6ab9ae929e6c7c409e0b6aea1d/be/src/rpc/authentication.cc#L787-L788 We already do this now since we get the principal from the Kudu security code, which already tries to get the FQDN. We should do the same here however: https://github.com/apache/impala/blob/3e17705ecaba0b6ab9ae929e6c7c409e0b6aea1d/be/src/rpc/authentication.cc#L814 And also make sure that our process wide hostname flag (FLAGS_hostname) has the same value: https://github.com/apache/impala/blob/7f9a74ffcaf1818f1f3c9d427557acca21a627da/be/src/common/init.cc#L191 > Impala should set the kerberos principal to the FQDN > ---------------------------------------------------- > > Key: IMPALA-4978 > URL: https://issues.apache.org/jira/browse/IMPALA-4978 > Project: IMPALA > Issue Type: Bug > Components: Security > Affects Versions: Impala 2.3.0 > Reporter: Sailesh Mukil > Assignee: Sailesh Mukil > Priority: Major > Labels: security > > Impala calls gethostname() to get the local system's name which is used as a > part of the kerberos principal. This usually works fine under most settings, > however, this is not guaranteed to return the FQDN of the host under certain > settings (Eg: possibly while using a DNS GSLB). > Impala should attempt to get the FQDN first which can be obtained by using > getaddrinfo(), and fallback to gethostname() otherwise. This is the behavior > of Hadoop, which we should try to match as closely as possible: > https://github.com/apache/hadoop/blob/master/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java#L169 -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org