If dns_canonicalize_hostname is set to true (the default value), the client performs forward resolution by looking up the IPv4 and/or IPv6 addresses of the hostname using getaddrinfo(). This process will typically add a domain suffix to the hostname if needed, and follow CNAME records in the DNS.
When doing Kerberos authentication, gokrb5 reads the dns_canonicalize_hostname value and sets DNSCanonicalizeHostname to true (https://github.com/jcmturner/gokrb5/blob/master/v8/config/krb5conf.go#LL182C1-L182C1), but it's not read by github.com/colinmarc/hdfs/v2. The hdfs lib does the Kerberos handshake with the name node hostnames in hdfs-site.xml, not resolving to their CNAMEs.
It bothers me when the name nodes are registered by their FQDNs, but their LB names are set in the hdfs-site.xml -- something I'm not able to change.
I can bypass the issue by running net.LookupCNAME to overwrite the ClientOptions.Addresses before initializing a client, but I think it will be great if it can be handled inside the lib.
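The workaround described in this issue, as an added example that is not code from the original post or from either library: each namenode address is resolved to its DNS canonical name so the result can be assigned to ClientOptions.Addresses before the client is created. The function name CanonicalizeAddresses, the injectable lookup type and the sample hostname are assumptions made for the example.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"strings"
	"time"
)

// cnameLookup has the signature of (*net.Resolver).LookupCNAME so a fake can be injected.
type cnameLookup func(ctx context.Context, host string) (string, error)

// CanonicalizeAddresses (hypothetical helper) rewrites each "host:port" so that host
// is its DNS canonical name. It fails on any lookup error instead of keeping the alias.
func CanonicalizeAddresses(ctx context.Context, lookup cnameLookup, addrs []string) ([]string, error) {
	out := make([]string, 0, len(addrs))
	for _, addr := range addrs {
		host, port, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, fmt.Errorf("bad namenode address %q: %w", addr, err)
		}
		if net.ParseIP(host) != nil { // IP literals have no CNAME to follow
			out = append(out, addr)
			continue
		}
		cname, err := lookup(ctx, host)
		if err != nil {
			return nil, fmt.Errorf("canonicalizing %q: %w", host, err)
		}
		// Resolvers return the canonical name as an absolute name with a trailing dot.
		canon := strings.TrimSuffix(cname, ".")
		out = append(out, net.JoinHostPort(canon, port))
	}
	return out, nil
}

func main() {
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	// Constructed sample address standing in for an LB name taken from hdfs-site.xml.
	addrs, err := CanonicalizeAddresses(ctx, net.DefaultResolver.LookupCNAME, []string{"nn-lb.example.internal:8020"})
	if err != nil {
		fmt.Println("lookup failed:", err)
		return
	}
	fmt.Println(addrs) // assign to ClientOptions.Addresses before initializing the client
}
```

The canonical name comes from ordinary DNS, so the hostname that ends up in the Kerberos handshake is only as trustworthy as the resolver path the client uses.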
According to the doc: https://web.mit.edu/kerberos/krb5-devel/doc/admin/princ_dns.html#service-principal-canonicalization