-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Kerberos] Use canonical host name with SPNEGO test #32588
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The Apache Http components support for Spnego scheme uses canonical name by default. Also when resolving host name, on centos by default there are other aliases so adding them to the DelegationPermission. Closes#32498
bizybot
added
>test
Issues or PRs that are addressing/adding tests
v7.0.0
:Security/Authentication
Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)
v6.4.0
v6.5.0
labels
Aug 2, 2018
Pinging @elastic/es-security |
bizybot
changed the title
[Kerberos] Use canonical host name
[Kerberos] Use canonical host name with SPNEGO test
Aug 2, 2018
tvernum
approved these changes
Aug 3, 2018
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
bizybot
added a commit
that referenced
this pull request
Aug 6, 2018
The Apache Http components support for Spnego scheme uses canonical name by default. Also when resolving host name, on centos by default there are other aliases so adding them to the DelegationPermission. Closes#32498
bizybot
added a commit
that referenced
this pull request
Aug 6, 2018
The Apache Http components support for Spnego scheme uses canonical name by default. Also when resolving host name, on centos by default there are other aliases so adding them to the DelegationPermission. Closes#32498
dnhatn
added a commit
that referenced
this pull request
Aug 6, 2018
* 6.x: [Kerberos] Use canonical host name (#32588) Cross-cluster search: preserve cluster alias in shard failures (#32608) [TEST] Allow to run in FIPS JVM (#32607) Handle AlreadyClosedException when bumping primary term [Test] Add ckb to the list of unsupported languages (#32611) SCRIPTING: Move Aggregation Scripts to their own context (#32068) (#32629) [TEST] Enhance failure message when bulk updates have failures [ML] Add ML result classes to protocol library (#32587) Suppress LicensingDocumentationIT.testPutLicense in release builds (#32613) [Rollup] Improve ID scheme for rollup documents (#32558) Mutes failing SQL string function tests due to #32589 Suppress Wildfly test in FIPS JVMs (#32543) Add cluster UUID to Cluster Stats API response (#32206) [ML] Add some ML config classes to protocol library (#32502) [TEST]Split transport verification mode none tests (#32488) [Rollup] Remove builders from DateHistogramGroupConfig (#32555) [ML] Add Detector config classes to protocol library (#32495) [Rollup] Remove builders from MetricConfig (#32536) Fix race between replica reset and primary promotion (#32442) HLRC: Move commercial clients from XPackClient (#32596) Security: move User to protocol project (#32367) Minor fix for javadoc (applicable for java 11). (#32573) Painless: Move Some Lookup Logic to PainlessLookup (#32565) Core: Minor size reduction for AbstractComponent (#32509) INGEST: Enable default pipelines (#32286) (#32591) TEST: Avoid merges in testSeqNoAndCheckpoints [Rollup] Remove builders from HistoGroupConfig (#32533) fixed elements in array of produced terms (#32519) Mutes ReindexFailureTests.searchFailure dues to #28053 Mutes LicensingDocumentationIT due to #32580 Remove the SATA controller from OpenSUSE box [ML] Rename JobProvider to JobResultsProvider (#32551)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
:Security/Authentication
Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)
>test
Issues or PRs that are addressing/adding tests
v6.4.0
v6.5.0
v7.0.0-beta1
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The Apache Http components support for Spnego scheme
uses the canonical hostname by default.
On Centos, by default, there are other aliases like
localhost.localdomain
,localhost4
,localhost4.localdomain4
.This commit modifies where we resolve hostname to use
getCanonicalHostName
instead ofgetHostName
and addsDelegationPermission to security policy
for the alternate aliases of localhost.
Closes#32498