zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Hunt <ph...@apache.org>
Subject Re: Kerberos SASL broken unless 0.0.0.0 as "this" quorum server address
Date Mon, 14 Mar 2016 16:12:21 GMT
Hm, that's very odd. I've never seen that. Eugene do you have any insight?

Patrick

On Thu, Mar 10, 2016 at 9:33 AM, Irfan Hamid <ihamid@salesforce.com> wrote:
> Yup. It works perfectly fine without Kerberos. I was having issues with the
> Kerberos not working due to the machine resolving itself as localhost
> instead of its FQDN and I modified /etc/hosts. Although I've got it back to
> its original state this issue persists. I'll try and install it onto VMs to
> see if that helps.
>
> Thanks,
> Irfan.
>
> On Thu, Mar 10, 2016 at 7:21 AM, Patrick Hunt <phunt@apache.org> wrote:
>
>> Have you tried running without Kerberos? Does it work in that
>> simplified scenario? You might start there to minimize variables, then
>> turn on kerberos once you're confident the base system is working.
>>
>> Patrick
>>
>> On Wed, Mar 9, 2016 at 1:52 PM, Irfan Hamid <ihamid@salesforce.com> wrote:
>> > I did modify my /etc/hosts file for testing, that might be messing things
>> > up perhaps. And no, I didn't want to multicast my auth request.
>> >
>> > Thanks,
>> > Irfan.
>> >
>> > On Wed, Mar 9, 2016 at 9:09 AM, Martin Gainty <mgainty@hotmail.com>
>> wrote:
>> >
>> >> so you are contacting all IPv4 addresses on the local machine..did you
>> >> want to multicast your Kerberos authentication request?
>> >> perhaps its time to use a Kerberos Authentication Test Tool to the
>> >> specific IP and Port you want to connect to
>> >>
>> >>
>> http://blog.michelbarneveld.nl/michel/archive/2009/12/05/kerberos-authentication-tester.aspx
>> >> Anyone have ideas for testing Kerberos Authentication?
>> >> Martin
>> >> ______________________________________________
>> >>
>> >>
>> >>
>> >> > From: phunt@apache.org
>> >> > Date: Wed, 9 Mar 2016 08:47:14 -0800
>> >> > Subject: Re: Kerberos SASL broken unless 0.0.0.0 as "this" quorum
>> server
>> >> address
>> >> > To: user@zookeeper.apache.org
>> >> >
>> >> > I've never heard of such an issue. Sounds environmental to me. I'm
not
>> >> > sure what you're trying to use this with but HBase has a pretty good
>> >> > setup guide http://hbase.apache.org/0.94/book/zk.sasl.auth.html
>> >> >
>> >> > Patrick
>> >> >
>> >> > On Tue, Mar 8, 2016 at 1:19 PM, Irfan Hamid <ihamid@salesforce.com>
>> >> wrote:
>> >> > > Any info in this issue would be much appreciated.
>> >> > >
>> >> > > TIA,
>> >> > > Irfan.
>> >> > >
>> >> > > On Thu, Mar 3, 2016 at 1:28 PM, Irfan Hamid <ihamid@salesforce.com>
>> >> wrote:
>> >> > >
>> >> > >> Hi,
>> >> > >>
>> >> > >> I have a Kerberised setup with 3 ZK quorum servers (3.4.6
running
>> on
>> >> JRE
>> >> > >> 8u66). If I set all zoo.cfg server.n to the FQDN of the servers,
>> they
>> >> can
>> >> > >> connect to each other fine. However, clients cannot connect
to any
>> of
>> >> the
>> >> > >> quorum servers and error out with:
>> >> > >>
>> >> > >> `Unable to read additional data from server sessionid 0x0,
likely
>> >> server
>> >> > >> has closed socket, closing socket connection and attempting
>> reconnect
>> >> > >>
>> >> > >> However, if I change the server.x for the local server in
each
>> zoo.cfg
>> >> > >> with 0.0.0.0:2888:3888 and then it works.
>> >> > >>
>> >> > >> Is this standard practice for Kerberos configuration or is
this
>> >> pointing
>> >> > >> to a problem in my setup?
>> >> > >>
>> >> > >> Thanks,
>> >> > >> Irfan.
>> >> > >>
>> >>
>> >>
>>

Mime
View raw message