zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Han <h...@cloudera.com>
Subject Re: zookeeper SASL issue
Date Thu, 21 Jul 2016 20:12:35 GMT
'No key to store' implies the keytab file is either not present or is
invalid. I'd suggest validate the keytab file out of the context of
zookeeper (for example using kinit) and check if it's valid.

On Thu, Jul 21, 2016 at 10:13 AM, Aneela Saleem <aneela@platalytics.com>
wrote:

> Hi,
>
> I have configured zookeeper to work with kerberos. I have added following
> principal.
> zkcli/hadoop-master@platalyticsrealm
>
> Here are contents of my jaas.conf
>
> Server {
>   com.sun.security.auth.module.Krb5LoginModule required
>   useKeyTab=true
>   keyTab="/etc/hadoop/conf/zk.keytab"
>   storeKey=true
>   useTicketCache=false
>   principal="zookeeper/hadoop-master@platalyticsrealm";
> };
> Client {
>   com.sun.security.auth.module.Krb5LoginModule required
>   useKeyTab=true
>   keyTab="/etc/hadoop/conf/zkcli.keytab"
>   storeKey=true
>   useTicketCache=true
>   principal="zkcli@platalyticsrealm"
>   debug=true;
> };
>
>
> When i run zookeeper client using the command
> *./zkCli.sh -server hadoop-master:2181*
>
> it produces following exception
>
>  SASL configuration failed: javax.security.auth.login.LoginException: No
> key to store Will continue connection to Zookeeper server without SASL
> authentication, if Zookeeper server allows it.
>
> Any suggestions
>
> Thanks
>



-- 
Cheers
Michael.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message