zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Camille Fournier (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ZOOKEEPER-1664) Kerberos auth doesn't work with native platform GSS integration
Date Fri, 06 Sep 2013 20:13:52 GMT

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-1664?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Camille Fournier updated ZOOKEEPER-1664:
----------------------------------------

    Attachment: ZOOKEEPER-1664.patch
    
> Kerberos auth doesn't work with native platform GSS integration
> ---------------------------------------------------------------
>
>                 Key: ZOOKEEPER-1664
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1664
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client, server
>    Affects Versions: 3.4.5
>         Environment: Linux (and likely also Solaris).
>            Reporter: Boaz Kelmer
>         Attachments: ZOOKEEPER-1664.patch, ZOOKEEPER-1664.patch
>
>
> Java on Linux/Solaris can be set up to use the native (via C library)
> GSS implementation. This is configured by setting the system property
>    sun.security.jgss.native=true
> When using this feature, ZooKeeper Sasl/JGSS authentication doesn't work.
> The reason is explained in
> http://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
> """
> [when using native GSS...]
> In addition, when performing operations as a particular Subject, e.g. 
> Subject.doAs(...) or Subject.doAsPrivileged(...), the to-be-used 
> GSSCredential should be added to Subject's private credential set. 
> Otherwise, the GSS operations will fail since no credential is found.
> """

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message