zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Enrico Olivelli <eolive...@gmail.com>
Subject Re: Clarification: SSL Client: Need of keystore?
Date Wed, 14 Aug 2019 15:14:10 GMT
Il mar 30 lug 2019, 20:49 Jörn Franke <jornfranke@gmail.com> ha scritto:

> Hi,
>
> I have a kerberized Zookeeper cluster and would like to add SSL on the
> client side and to the quorum.
>
> So far the server configuration is clear. However, according to
>
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide
>
> I need to specify on the client side
> zookeeper.ssl.keyStore.location="/path/to/your/keystore"
> zookeeper.ssl.keyStore.password="keystore_password"
> zookeeper.ssl.trustStore.location="/path/to/your/truststore"
> zookeeper.ssl.trustStore.password="truststore_password"
>
> I do understand the need to provide a truststore, but why does the client
> need a keystore. As far as I understood the keystore is only needed for
> X509 authentication, but I use the Kerberos authentication.
>

Your question is fair.
Did you try not to configure a keystore for the client?

Enrico


> Does it mean the SSL client connection requires X509 authentication and
> Kerberos is not possible?
> Can you please clarify?
>
> thank you.
>
> best regards
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message