Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Kerberos] Use canonical host name with SPNEGO test #32588

Merged
merged 1 commit into from
Aug 6, 2018
Merged

[Kerberos] Use canonical host name with SPNEGO test #32588

merged 1 commit into from
Aug 6, 2018

Conversation

bizybot
Copy link
Contributor

@bizybot bizybot commented Aug 2, 2018

The Apache Http components support for Spnego scheme
uses the canonical hostname by default.
On Centos, by default, there are other aliases like
localhost.localdomain, localhost4, localhost4.localdomain4.
This commit modifies where we resolve hostname to use
getCanonicalHostName instead of getHostName and adds
DelegationPermission to security policy
for the alternate aliases of localhost.

Closes#32498

[Kerberos] Use canonical host name
0272de7 
The Apache Http components support for Spnego scheme
uses canonical name by default.
Also when resolving host name, on centos by default
there are other aliases so adding them to the
DelegationPermission.

Closes#32498
@bizybot bizybot added >test Issues or PRs that are addressing/adding tests v7.0.0 :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v6.4.0 v6.5.0 labels Aug 2, 2018
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security

@bizybot bizybot changed the title [Kerberos] Use canonical host name [Kerberos] Use canonical host name with SPNEGO test Aug 2, 2018
tvernum
tvernum approved these changes Aug 3, 2018
View reviewed changes
Copy link
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bizybot bizybot merged commit 615aa85 into elastic:master Aug 6, 2018
bizybot added a commit that referenced this pull request Aug 6, 2018
@bizybot
[Kerberos] Use canonical host name (#32588)
f102836 
The Apache Http components support for Spnego scheme
uses canonical name by default.
Also when resolving host name, on centos by default
there are other aliases so adding them to the
DelegationPermission.

Closes#32498
bizybot added a commit that referenced this pull request Aug 6, 2018
@bizybot
[Kerberos] Use canonical host name (#32588)
d5fafbf 
The Apache Http components support for Spnego scheme
uses canonical name by default.
Also when resolving host name, on centos by default
there are other aliases so adding them to the
DelegationPermission.

Closes#32498
dnhatn added a commit that referenced this pull request Aug 6, 2018
@dnhatn
Merge branch '6.x' into ccr-6.x
e4a919f 
* 6.x:
  [Kerberos] Use canonical host name (#32588)
  Cross-cluster search: preserve cluster alias in shard failures (#32608)
  [TEST] Allow to run in FIPS JVM (#32607)
  Handle AlreadyClosedException when bumping primary term
  [Test] Add ckb to the list of unsupported languages (#32611)
  SCRIPTING: Move Aggregation Scripts to their own context (#32068) (#32629)
  [TEST] Enhance failure message when bulk updates have failures
  [ML] Add ML result classes to protocol library (#32587)
  Suppress LicensingDocumentationIT.testPutLicense in release builds (#32613)
  [Rollup] Improve ID scheme for rollup documents (#32558)
  Mutes failing SQL string function tests due to #32589
  Suppress Wildfly test in FIPS JVMs (#32543)
  Add cluster UUID to Cluster Stats API response (#32206)
  [ML] Add some ML config classes to protocol library (#32502)
  [TEST]Split transport verification mode none tests (#32488)
  [Rollup] Remove builders from DateHistogramGroupConfig (#32555)
  [ML] Add Detector config classes to protocol library (#32495)
  [Rollup] Remove builders from MetricConfig (#32536)
  Fix race between replica reset and primary promotion (#32442)
  HLRC: Move commercial clients from XPackClient (#32596)
  Security: move User to protocol project (#32367)
  Minor fix for javadoc (applicable for java 11). (#32573)
  Painless: Move Some Lookup Logic to PainlessLookup (#32565)
  Core: Minor size reduction for AbstractComponent (#32509)
  INGEST: Enable default pipelines (#32286) (#32591)
  TEST: Avoid merges in testSeqNoAndCheckpoints
  [Rollup] Remove builders from HistoGroupConfig (#32533)
  fixed elements in array of produced terms (#32519)
  Mutes ReindexFailureTests.searchFailure dues to #28053
  Mutes LicensingDocumentationIT due to #32580
  Remove the SATA controller from OpenSUSE box
  [ML] Rename JobProvider to JobResultsProvider (#32551)
@jakelandis jakelandis mentioned this pull request Sep 6, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tvernum tvernum tvernum approved these changes

@colings86 colings86 Awaiting requested review from colings86

Assignees
No one assigned
Labels
:Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) >test Issues or PRs that are addressing/adding tests v6.4.0 v6.5.0 v7.0.0-beta1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[CI] KerberosAuthenticationIT fails in CI
4 participants
@bizybot @elasticmachine @tvernum @colings86