zookeeper-user mailing list archives

From Irfan Hamid <iha...@salesforce.com>
Subject Kerberos auth support on the client
Date Thu, 10 Sep 2015 16:17:03 GMT

Hi,

Here at Salesforce we're trying to roll out ZK to production for
coordinating our search service. One of our requirements is to use Kerberos
auth for ZK <---> client communication. While it seems that on the ZK
server side enabling Kerb auth is straightforward with config options as
given here
<http://www.cloudera.com/content/cloudera/en/documentation/cdh4/v4-2-2/CDH4-Security-Guide/cdh4sg_topic_11_1.html>
by setting up a JAAS config file with a "Server" section. OTOH I haven't been
able to find anything other than this
<https://ambari.apache.org/1.2.5/installing-hadoop-using-ambari/content/ambari-kerb-2-3-2-2.html>
for the client side, which indicates that having a "Client" section in the
JAAS config might be enough.

Looking at the code I see that the ClientCnxn class does have a switch in
startConnect() that uses ZooKeeperSaslClient. My question is, is setting
the JAAS conf file sufficient to use the ZK client library to connect to a
Kerberised ZK ensemble or is specific code also needed? In the case of the
latter, could someone point me to, e.g., HBase code that does this
authenticated connection?

TIA,
Irfan.
