zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jörn Franke <jornfra...@gmail.com>
Subject Clarification: SSL Client: Need of keystore?
Date Tue, 30 Jul 2019 18:49:09 GMT
Hi,

I have a kerberized Zookeeper cluster and would like to add SSL on the
client side and to the quorum.

So far the server configuration is clear. However, according to
https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide

I need to specify on the client side
zookeeper.ssl.keyStore.location="/path/to/your/keystore"
zookeeper.ssl.keyStore.password="keystore_password"
zookeeper.ssl.trustStore.location="/path/to/your/truststore"
zookeeper.ssl.trustStore.password="truststore_password"

I do understand the need to provide a truststore, but why does the client
need a keystore. As far as I understood the keystore is only needed for
X509 authentication, but I use the Kerberos authentication.

Does it mean the SSL client connection requires X509 authentication and
Kerberos is not possible?
Can you please clarify?

thank you.

best regards

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message