zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Irfan Hamid <iha...@salesforce.com>
Subject Re: Kerberos SASL broken unless 0.0.0.0 as "this" quorum server address
Date Thu, 10 Mar 2016 17:33:59 GMT
Yup. It works perfectly fine without Kerberos. I was having issues with the
Kerberos not working due to the machine resolving itself as localhost
instead of its FQDN and I modified /etc/hosts. Although I've got it back to
its original state this issue persists. I'll try and install it onto VMs to
see if that helps.

Thanks,
Irfan.

On Thu, Mar 10, 2016 at 7:21 AM, Patrick Hunt <phunt@apache.org> wrote:

> Have you tried running without Kerberos? Does it work in that
> simplified scenario? You might start there to minimize variables, then
> turn on kerberos once you're confident the base system is working.
>
> Patrick
>
> On Wed, Mar 9, 2016 at 1:52 PM, Irfan Hamid <ihamid@salesforce.com> wrote:
> > I did modify my /etc/hosts file for testing, that might be messing things
> > up perhaps. And no, I didn't want to multicast my auth request.
> >
> > Thanks,
> > Irfan.
> >
> > On Wed, Mar 9, 2016 at 9:09 AM, Martin Gainty <mgainty@hotmail.com>
> wrote:
> >
> >> so you are contacting all IPv4 addresses on the local machine..did you
> >> want to multicast your Kerberos authentication request?
> >> perhaps its time to use a Kerberos Authentication Test Tool to the
> >> specific IP and Port you want to connect to
> >>
> >>
> http://blog.michelbarneveld.nl/michel/archive/2009/12/05/kerberos-authentication-tester.aspx
> >> Anyone have ideas for testing Kerberos Authentication?
> >> Martin
> >> ______________________________________________
> >>
> >>
> >>
> >> > From: phunt@apache.org
> >> > Date: Wed, 9 Mar 2016 08:47:14 -0800
> >> > Subject: Re: Kerberos SASL broken unless 0.0.0.0 as "this" quorum
> server
> >> address
> >> > To: user@zookeeper.apache.org
> >> >
> >> > I've never heard of such an issue. Sounds environmental to me. I'm not
> >> > sure what you're trying to use this with but HBase has a pretty good
> >> > setup guide http://hbase.apache.org/0.94/book/zk.sasl.auth.html
> >> >
> >> > Patrick
> >> >
> >> > On Tue, Mar 8, 2016 at 1:19 PM, Irfan Hamid <ihamid@salesforce.com>
> >> wrote:
> >> > > Any info in this issue would be much appreciated.
> >> > >
> >> > > TIA,
> >> > > Irfan.
> >> > >
> >> > > On Thu, Mar 3, 2016 at 1:28 PM, Irfan Hamid <ihamid@salesforce.com>
> >> wrote:
> >> > >
> >> > >> Hi,
> >> > >>
> >> > >> I have a Kerberised setup with 3 ZK quorum servers (3.4.6 running
> on
> >> JRE
> >> > >> 8u66). If I set all zoo.cfg server.n to the FQDN of the servers,
> they
> >> can
> >> > >> connect to each other fine. However, clients cannot connect to
any
> of
> >> the
> >> > >> quorum servers and error out with:
> >> > >>
> >> > >> `Unable to read additional data from server sessionid 0x0, likely
> >> server
> >> > >> has closed socket, closing socket connection and attempting
> reconnect
> >> > >>
> >> > >> However, if I change the server.x for the local server in each
> zoo.cfg
> >> > >> with 0.0.0.0:2888:3888 and then it works.
> >> > >>
> >> > >> Is this standard practice for Kerberos configuration or is this
> >> pointing
> >> > >> to a problem in my setup?
> >> > >>
> >> > >> Thanks,
> >> > >> Irfan.
> >> > >>
> >>
> >>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message