zookeeper-user mailing list archives

From Irfan Hamid <iha...@salesforce.com>
Subject Re: Kerberos authentication setup question
Date Sat, 30 Jan 2016 18:22:13 GMT
Thanks Flavio. That's good news, and I'm especially grateful for that
second link, which inexplicably eluded me during my searches for this topic.

Regards,
Irfan.

On Fri, Jan 29, 2016 at 9:10 PM, Flavio Junqueira <fpj@apache.org> wrote:

> Hi Irfan,
>
> Your description sounds right to me. I'd add that you can check that your
> client watcher is getting a SaslConnected event.
>
> There is some more information here in the case you haven't seen this page:
>
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL
>
> -Flavio
>
> > On 29 Jan 2016, at 14:51, Irfan Hamid <ihamid@salesforce.com> wrote:
> >
> > Hi,
> >
> > We're trying to set up ZooKeeper with Kerberos authentication in our setup.
> > The documentation about setting this up is a bit complicated. The steps for
> > the ZooKeeper quorum servers are quite clear:
> >
> > *ZooKeeper quorum servers*
> > 1. Create zookeeper service principals as described here
> > <http://www.cloudera.com/documentation/archive/cdh/4-x/4-2-0/CDH4-Security-Guide/cdh4sg_topic_11_1.html>.
> > I am creating them as zookeeper/fqdn.of.my.zk.quorum.server@MYREAL.COM
> > 2. Copy the keytab files created in (1) to the respective ZooKeeper quorum
> > servers and place them in the ZooKeeper conf directory
> > 3. Add the configs indicated to the zoo.cfg file
> > 4. Add a jaas.conf file (and point to it as part of the jvm params) as
> > indicated
> >
> > *ZooKeeper client side*
> > This part is throwing me for a loop. We are using the basic ZooKeeper API
> > (not Curator) in our client side code and creating connections using the
> > vanilla new ZooKeeper(cxnString, ...) constructor. The only documentation
> > on how to set this up I could find is here
> > <http://www.cloudera.com/documentation/archive/cdh/4-x/4-3-0/CDH4-Security-Guide/cdh4sg_topic_11_2.html>.
> > I was wondering if the linked steps would work for my use-case or if these
> > are for a specific Cloudera ZooKeeper client tool?
> >
> > 1. Create zookeeper client principals using zkcli@MYREAL.COM (the client's
> > FQDN isn't needed here?)
> > 2. Copy the keytab file to the machine running our client app
> > 3. Make the necessary modifications to jaas.conf
> > 4. Run our client app with the JVM param pointing to the jaas.conf file
> > from (2)
> >
> > Is my understanding correct or are these steps only for the Cloudera client
> > shell?
> >
> > Regards,
> > Irfan.
>
>
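
The watcher check suggested in the thread, as an added example that is not part of the original messages or of the ZooKeeper project's code: a plain `new ZooKeeper(cxnString, ...)` client that waits for the SASL outcome, which the client API reports as `KeeperState.SaslAuthenticated` or `KeeperState.AuthFailed`. The class name `SaslCheck`, the file paths, port 2181 and the timeouts are assumptions, and the jaas.conf section in the comments is a constructed sample.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.Watcher.Event.KeeperState;
import org.apache.zookeeper.ZooKeeper;

// Run with: java -Djava.security.auth.login.config=/path/to/jaas.conf SaslCheck host:port
// Constructed sample of the "Client" section in jaas.conf (paths are placeholders):
//   Client {
//     com.sun.security.auth.module.Krb5LoginModule required
//     useKeyTab=true keyTab="/path/to/zkcli.keytab" storeKey=true
//     useTicketCache=false principal="zkcli@MYREAL.COM";
//   };
public class SaslCheck implements Watcher {
    private final CountDownLatch done = new CountDownLatch(1);
    private volatile KeeperState outcome;

    @Override
    public void process(WatchedEvent event) {
        KeeperState state = event.getState();
        // SyncConnected only means the session is up; it says nothing about SASL.
        if (state == KeeperState.SaslAuthenticated || state == KeeperState.AuthFailed) {
            outcome = state;
            done.countDown();
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed default: quorum host from the thread, standard client port.
        String cxnString = args.length > 0 ? args[0] : "fqdn.of.my.zk.quorum.server:2181";
        SaslCheck watcher = new SaslCheck();
        ZooKeeper zk = new ZooKeeper(cxnString, 30000, watcher);
        int exitCode;
        try {
            boolean signalled = watcher.done.await(30, TimeUnit.SECONDS);
            if (signalled && watcher.outcome == KeeperState.SaslAuthenticated) {
                System.out.println("SASL authentication succeeded");
                exitCode = 0;
            } else if (signalled) {
                System.err.println("SASL authentication failed (AuthFailed): check keytab, principal, realm");
                exitCode = 2;
            } else {
                // No SASL event at all: the client may be running unauthenticated.
                System.err.println("No SASL event within 30s: check that jaas.conf is being loaded");
                exitCode = 1;
            }
        } finally {
            zk.close();
        }
        System.exit(exitCode);
    }
}
```

Treating the timeout as a failure matters for deployment checks, because a client whose JAAS configuration is not picked up can still reach `SyncConnected` without ever authenticating.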
