zookeeper-user mailing list archives

From rammohan ganapavarapu <rammohanga...@gmail.com>
Subject Re: default value for quorum.auth.kerberos.servicePrincipal
Date Thu, 12 Dec 2019 22:18:52 GMT
Hi,

Even if I enable SASL but with md5-digest, what should this property be set to?
Does this property only take effect for Kerberos, or for both?

Ram

On Fri, Dec 6, 2019 at 7:55 AM rammohan ganapavarapu <
rammohanganap@gmail.com> wrote:

> Mate,
>
> Thank you, I did search the source code and found the same. I am trying to
> create a zoo conf with all default properties.
>
> Ram
>
> On Fri, Dec 6, 2019, 2:44 AM Mate Szalay-Beko <mszalay@cloudera.com.invalid>
> wrote:
>
>> Hi Ram,
>>
>> this parameter needs to be defined when you want to enable secure
>> authentication in the communication between ZooKeeper servers. In general,
>> the 'principal' is a 'username' that you want your ZooKeeper servers to use
>> when they talk with each other. Ideally you have a central Kerberos service
>> somewhere where this principal is already registered.
>> A kerberos principal is usually in the form of
>> "user_or_service_name/host@realm" (some more explanation:
>> https://ssimo.org/blog/id_016.html)
>>
>> According to the source code, the default value of
>> quorum.auth.kerberos.servicePrincipal is "zkquorum/localhost". But I think
>> if you don't enable the quorum SASL in ZooKeeper, then this property will
>> never be actually used.
>>
>> Please see this page about SASL in ZooKeeper:
>> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+and+SASL
>>
>> I also found a Cloudera blogpost on the topic:
>>
>> https://blog.cloudera.com/hardening-apache-zookeeper-security-sasl-quorum-peer-mutual-authentication-and-authorization/
>>
>> Cheers,
>> Mate
>>
>>
>> On Thu, Dec 5, 2019 at 11:50 PM rammohan ganapavarapu <
>> rammohanganap@gmail.com> wrote:
>>
>> > Hi,
>> >
>> > What is the default value for this property? If I don't enable SASL and
>> > if I don't define it, what will be the value?
>> >
>> > quorum.auth.kerberos.servicePrincipal
>> >
>> > Also, what does this mean: "servicename/_HOST"?
>> >
>> > Thanks,
>> > Ram
>> >
>>
>
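
Added example, not part of the thread or of ZooKeeper's code: a small Python sketch that reads zoo.cfg-style properties, applies the default quoted above, and expands a `_HOST` placeholder into the `name/host@realm` form described in the reply. It assumes `_HOST` stands for the host name of the peer being contacted and that `quorum.auth.enableSasl` is the switch for quorum SASL; the sample config, realm and host names are constructed.

```python
import re

# Default quoted in the thread (from the ZooKeeper source, per the reply).
DEFAULT_PRINCIPAL = "zkquorum/localhost"
HOST_TOKEN = "_HOST"  # placeholder from the question: "servicename/_HOST"

def parse_properties(text):
    """Parse zoo.cfg-style key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def split_principal(principal):
    """Split 'name/host@realm' into (name, host, realm); host/realm may be None."""
    m = re.fullmatch(r"([^/@]+)(?:/([^/@]+))?(?:@([^/@]+))?", principal)
    if not m:
        raise ValueError(f"not a Kerberos principal: {principal!r}")
    return m.groups()

def effective_quorum_principal(props, peer_host):
    """Return (principal, in_use) for a quorum connection to peer_host.

    in_use is False when quorum SASL is off, in which case (per the reply in
    the thread) the property is not expected to be consulted at all.
    """
    in_use = props.get("quorum.auth.enableSasl", "false").lower() == "true"
    raw = props.get("quorum.auth.kerberos.servicePrincipal", DEFAULT_PRINCIPAL)
    name, host, realm = split_principal(raw)
    if host == HOST_TOKEN:  # assumption: replaced with the peer's host name
        host = peer_host
    principal = name + (f"/{host}" if host else "") + (f"@{realm}" if realm else "")
    return principal, in_use

# Constructed sample configuration (not taken from the thread).
SAMPLE_CFG = """
# quorum authentication
quorum.auth.enableSasl=true
quorum.auth.kerberos.servicePrincipal=zkquorum/_HOST@EXAMPLE.COM
"""

if __name__ == "__main__":
    print(effective_quorum_principal(parse_properties(SAMPLE_CFG), "zk2.example.com"))
    print(effective_quorum_principal({}, "zk2.example.com"))
```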
