zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: Kerberos SASL broken unless 0.0.0.0 as "this" quorum server address
Date Wed, 09 Mar 2016 17:09:26 GMT
so you are contacting all IPv4 addresses on the local machine..did you want to multicast your
Kerberos authentication request?
perhaps its time to use a Kerberos Authentication Test Tool to the specific IP and Port you
want to connect to
http://blog.michelbarneveld.nl/michel/archive/2009/12/05/kerberos-authentication-tester.aspx
Anyone have ideas for testing Kerberos Authentication?
Martin 
______________________________________________ 
                                                                                         
         


> From: phunt@apache.org
> Date: Wed, 9 Mar 2016 08:47:14 -0800
> Subject: Re: Kerberos SASL broken unless 0.0.0.0 as "this" quorum server address
> To: user@zookeeper.apache.org
> 
> I've never heard of such an issue. Sounds environmental to me. I'm not
> sure what you're trying to use this with but HBase has a pretty good
> setup guide http://hbase.apache.org/0.94/book/zk.sasl.auth.html
> 
> Patrick
> 
> On Tue, Mar 8, 2016 at 1:19 PM, Irfan Hamid <ihamid@salesforce.com> wrote:
> > Any info in this issue would be much appreciated.
> >
> > TIA,
> > Irfan.
> >
> > On Thu, Mar 3, 2016 at 1:28 PM, Irfan Hamid <ihamid@salesforce.com> wrote:
> >
> >> Hi,
> >>
> >> I have a Kerberised setup with 3 ZK quorum servers (3.4.6 running on JRE
> >> 8u66). If I set all zoo.cfg server.n to the FQDN of the servers, they can
> >> connect to each other fine. However, clients cannot connect to any of the
> >> quorum servers and error out with:
> >>
> >> `Unable to read additional data from server sessionid 0x0, likely server
> >> has closed socket, closing socket connection and attempting reconnect
> >>
> >> However, if I change the server.x for the local server in each zoo.cfg
> >> with 0.0.0.0:2888:3888 and then it works.
> >>
> >> Is this standard practice for Kerberos configuration or is this pointing
> >> to a problem in my setup?
> >>
> >> Thanks,
> >> Irfan.
> >>
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message