From: Irfan Hamid
Date: Fri, 29 Jan 2016 14:51:01 -0800
Subject: Kerberos authentication setup question
To: user@zookeeper.apache.org

Hi,

We're trying to set up ZooKeeper with Kerberos authentication in our setup. The documentation about setting this up is a bit complicated. The steps for the ZooKeeper quorum servers are quite clear:

*ZooKeeper quorum servers*

1. Create zookeeper service principals as described here. I am creating them as zookeeper/fqdn.of.my.zk.quorum.server@MYREAL.COM
2. Copy the keytab files created in (1) to the respective ZooKeeper quorum servers and place them in the ZooKeeper conf directory
3. Add the configs indicated to the zoo.cfg file
4. Add a jaas.conf file (and point to it as part of the jvm params) as indicated

*ZooKeeper client side*

This part is throwing me for a loop. We are using the basic ZooKeeper API (not Curator) in our client side code and creating connections using the vanilla new ZooKeeper(cxnString, ...) constructor. The only documentation on how to set this up I could find is here. I was wondering if the linked steps would work for my use-case or if these are for a specific Cloudera ZooKeeper client tool?

1. Create zookeeper client principals using zkcli@MYREAL.COM (the client's FQDN isn't needed here?)
2. Copy the keytab file to the machine running our client app
3. Make the necessary modifications to jaas.conf
4. Run our client app with the JVM param pointing to the jaas.conf file from (2)

Is my understanding correct or are these steps only for the Cloudera client shell?

Regards,
Irfan.
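
The client-side steps listed in the message, as an added example that is not part of the original message or of the ZooKeeper documentation: a plain `new ZooKeeper(...)` client that confirms the session was authenticated over SASL and does not silently fall back to an unauthenticated one. The class name, keytab path and jaas.conf path are assumptions; the principal is the one named in the message.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.zookeeper.Watcher.Event.KeeperState;
import org.apache.zookeeper.ZooKeeper;

// Assumed jaas.conf on the client host (paths are placeholders). The stock
// ZooKeeper client reads the section named "Client":
//
//   Client {
//     com.sun.security.auth.module.Krb5LoginModule required
//     useKeyTab=true
//     keyTab="/path/to/zkcli.keytab"
//     storeKey=true
//     useTicketCache=false
//     principal="zkcli@MYREAL.COM";
//   };
//
// Run: java -Djava.security.auth.login.config=/path/to/jaas.conf \
//           -cp <zookeeper jars> KerberosZkClient host1:2181,host2:2181
public class KerberosZkClient {
    public static void main(String[] args) throws Exception {
        String cxnString = args[0];
        // This example expects the file-based JAAS configuration; without it
        // the client would attempt a plain, unauthenticated session.
        if (System.getProperty("java.security.auth.login.config") == null) {
            throw new IllegalStateException("java.security.auth.login.config is not set");
        }
        CountDownLatch done = new CountDownLatch(1);
        AtomicReference<KeeperState> outcome = new AtomicReference<>();
        ZooKeeper zk = new ZooKeeper(cxnString, 30000, event -> {
            KeeperState s = event.getState();
            // SyncConnected arrives first; the SASL result follows as its own event.
            if (s == KeeperState.SaslAuthenticated || s == KeeperState.AuthFailed) {
                outcome.set(s);
                done.countDown();
            }
        });
        try {
            if (!done.await(30, TimeUnit.SECONDS)) {
                throw new IllegalStateException("no SASL result, session state: " + zk.getState());
            }
            if (outcome.get() == KeeperState.AuthFailed) {
                throw new SecurityException("Kerberos/SASL authentication to ZooKeeper failed");
            }
            System.out.println("SASL-authenticated session 0x" + Long.toHexString(zk.getSessionId()));
        } finally {
            zk.close();
        }
    }
}
```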