zookeeper-user mailing list archives

From Irfan Hamid <iha...@salesforce.com>
Subject Kerberos authentication setup question
Date Fri, 29 Jan 2016 22:51:01 GMT

Hi,

We're trying to set up ZooKeeper with Kerberos authentication in our setup.
The documentation about setting this up is a bit complicated. The steps for
the ZooKeeper quorum servers are quite clear:

*ZooKeeper quorum servers*
1. Create zookeeper service principals as described here
<http://www.cloudera.com/documentation/archive/cdh/4-x/4-2-0/CDH4-Security-Guide/cdh4sg_topic_11_1.html>.
I am creating them as zookeeper/fqdn.of.my.zk.quorum.server@MYREAL.COM
2. Copy the keytab files created in (1) to the respective ZooKeeper quorum
servers and place them in the ZooKeeper conf directory
3. Add the configs indicated to the zoo.cfg file
4. Add a jaas.conf file (and point to it as part of the JVM params) as
indicated

*ZooKeeper client side*
This part is throwing me for a loop. We are using the basic ZooKeeper API
(not Curator) in our client side code and creating connections using the
vanilla new ZooKeeper(cxnString, ...) constructor. The only documentation
on how to set this up I could find is here
<http://www.cloudera.com/documentation/archive/cdh/4-x/4-3-0/CDH4-Security-Guide/cdh4sg_topic_11_2.html>.
I was wondering if the linked steps would work for my use-case or if these
are for a specific Cloudera ZooKeeper client tool?

1. Create zookeeper client principals using zkcli@MYREAL.COM (the client's
FQDN isn't needed here?)
2. Copy the keytab file to the machine running our client app
3. Make the necessary modifications to jaas.conf
4. Run our client app with the JVM param pointing to the jaas.conf file
from (2)

Is my understanding correct or are these steps only for the Cloudera client
shell?

Regards,
Irfan.
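
The client-side steps listed in the message, sketched for the plain ZooKeeper Java API. This is an added example, not part of the original message or of the linked Cloudera guide. The keytab path, the connect string, the timeouts and the class name are assumptions.

```java
// jaas.conf (constructed; the keytab path is a placeholder), passed to the JVM with
//   -Djava.security.auth.login.config=/path/to/jaas.conf
//
//   Client {
//     com.sun.security.auth.module.Krb5LoginModule required
//     useKeyTab=true
//     keyTab="/path/to/zkcli.keytab"
//     storeKey=true
//     useTicketCache=false
//     principal="zkcli@MYREAL.COM";
//   };
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.zookeeper.Watcher.Event.KeeperState;
import org.apache.zookeeper.ZooKeeper;

public class KerberosZkClient {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // With no JAAS file the client finds no "Client" login section and,
        // by default, connects without SASL. Refuse to start instead.
        if (System.getProperty("java.security.auth.login.config") == null) {
            throw new IllegalStateException("java.security.auth.login.config is not set");
        }
        CountDownLatch done = new CountDownLatch(1);
        AtomicReference<KeeperState> outcome = new AtomicReference<>();
        // Placeholder host: the client requests a service ticket for
        // zookeeper/<server host>, so connect using the server's FQDN.
        ZooKeeper zk = new ZooKeeper("fqdn.of.my.zk.quorum.server:2181", 30000, event -> {
            KeeperState s = event.getState();
            // SyncConnected only means a session exists; wait for the SASL result.
            if (s == KeeperState.SaslAuthenticated || s == KeeperState.AuthFailed) {
                outcome.set(s);
                done.countDown();
            }
        });
        try {
            boolean finished = done.await(15, TimeUnit.SECONDS);
            if (!finished || outcome.get() != KeeperState.SaslAuthenticated) {
                throw new IllegalStateException("Kerberos authentication did not complete: " + outcome.get());
            }
            System.out.println("Authenticated to ZooKeeper via SASL/GSSAPI");
        } finally {
            zk.close();
        }
    }
}
```

Running it requires the ZooKeeper client jar on the classpath, a reachable KDC and a quorum configured as in the server-side steps.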
