zookeeper-dev mailing list archives

From "Andrey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2860) Update sample server jaas config for kerberos auth
Date Mon, 21 Aug 2017 11:20:02 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16135043#comment-16135043 ]

Andrey commented on ZOOKEEPER-2860:
-----------------------------------

I've created a Kerberos account and attached several SPNs to it (this is a valid setup). However,
when I tried to use the sample configuration from the documentation, I got a "Client not found
in Kerberos database" error from Kerberos. That's because the server was trying to acquire a TGT,
which is not required. And for a TGT it needs a service account, not an SPN.

> Update sample server jaas config for kerberos auth
> --------------------------------------------------
>
>                 Key: ZOOKEEPER-2860
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2860
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: documentation
>            Reporter: Andrey
>
> Currently sample server jaas configuration for kerberos contains:
> {code}
> principal="zookeeper/yourzkhostname"
> {code}
> Background on why "principal=SPN" and "isInitiator=true" won't work is here:
> https://dmdaa.wordpress.com/2010/03/27/the-impact-of-isinitiator-on-jaas-login-configuration-and-the-role-if-spn/
> Expected:
> {code}
>        isInitiator=false
>        principal="zookeeper/yourzkhostname";
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
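
A lint check for the condition this issue describes, added here as an example (not code from ZooKeeper or from the reporter): it parses a JAAS file and reports `Krb5LoginModule` entries whose principal has the service/host form while `isInitiator` is left at its default of true. The `FixedServer` section name, the keytab settings and the "a `/` means SPN-style" heuristic are assumptions made for the illustration.

```python
import re

# Constructed sample. "Server" follows the documented sample; "FixedServer" is
# a hypothetical name for the same entry with the change this issue asks for.
SAMPLE = '''
Server {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="/path/to/server/keytab"
    storeKey=true
    principal="zookeeper/yourzkhostname";
};
FixedServer {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="/path/to/server/keytab"
    storeKey=true
    isInitiator=false
    principal="zookeeper/yourzkhostname";
};
'''
SECTION = re.compile(r'(\w+)\s*\{(.*?)\}\s*;', re.S)
OPTION = re.compile(r'(\w+)\s*=\s*"?([^"\s;]+)"?')

def parse_jaas(text):
    """Return {section: [(module_class, control_flag, options)]}."""
    text = re.sub(r'(?m)^\s*//.*$', '', text)  # drop whole-line // comments
    sections = {}
    for name, body in SECTION.findall(text):
        entries = []
        for entry in filter(str.strip, body.split(';')):
            head = entry.split()
            entries.append((head[0], head[1], dict(OPTION.findall(entry))))
        sections[name] = entries
    return sections

def initiator_findings(text):
    """List (section, principal) where a Krb5LoginModule entry uses a
    service/host principal but leaves isInitiator at its default (true)."""
    findings = []
    for section, entries in parse_jaas(text).items():
        for module, _flag, opts in entries:
            if not module.endswith('Krb5LoginModule'):
                continue
            # Assumption: a '/' in the principal marks it as SPN-style.
            spn_like = '/' in opts.get('principal', '')
            initiator = opts.get('isInitiator', 'true').lower() != 'false'
            if spn_like and initiator:
                findings.append((section, opts['principal']))
    return findings
```

A finding is a prompt to review rather than a definite error: whether a TGT request for that principal fails depends on how the account is set up in the KDC.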
