zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Irfan Hamid <iha...@salesforce.com>
Subject Kerberos auth support on the client
Date Thu, 10 Sep 2015 16:17:03 GMT

Here at Salesforce we're trying to roll out ZK to production for
coordinating our search service. One of our requirements is to use Kerberos
auth for ZK <---> client communication. While it seems that on the ZK
server side enabling Kerb auth is straightforward with config options as
given here
setting up a JAAS config file with a "Server" section. OTOH I haven't been
able to find anything other than this
for the client side, which indicates that having a "Client" section in the
JAAS config might be enough.

Looking at the code I see that the ClientCnxn class does have a switch in
startConnect() that uses ZooKeeperSaslClient. My question is, is setting
the JAAS conf file sufficient to use the ZK client library to connect to a
Kerberised ZK ensemble or is specific code also needed. In the case of the
latter, could someone point me to, e.g., HBase code that does this
authenticated connection?


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message