hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Helmling (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-14775) Replication can't authenticate with peer Zookeeper with different server principal
Date Fri, 06 Nov 2015 00:03:27 GMT
Gary Helmling created HBASE-14775:
-------------------------------------

             Summary: Replication can't authenticate with peer Zookeeper with different server
principal
                 Key: HBASE-14775
                 URL: https://issues.apache.org/jira/browse/HBASE-14775
             Project: HBase
          Issue Type: Bug
            Reporter: Gary Helmling
            Assignee: Gary Helmling


When replication is setup with security, where the local ZK cluster and peer ZK cluster use
different server principals, the source HBase cluster is unable to authenticate with the peer
ZK cluster.

When ZK is configured for SASL authentication and a server principal other than the default
("zookeeper") is used, the correct server principal must be specified on the client as a system
property -- the confusingly named {{zookeeper.sasl.client.username}}.  However, since this
is given as a system property, authentication with the peer cluster breaks when it uses a
different ZK server principal than the local cluster.

We need a way of tying this setting to the replication peer config and then setting the property
when the peer's ZooKeeperWatcher is created.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message