zookeeper-user mailing list archives

From rammohan ganapavarapu <rammohanga...@gmail.com>
Subject Re: default value for quorum.auth.kerberos.servicePrincipal
Date Fri, 06 Dec 2019 15:55:35 GMT
Mate,

Thank you. I did search the source code and found the same. I am trying to
create a zoo conf with all default properties.

Ram

On Fri, Dec 6, 2019, 2:44 AM Mate Szalay-Beko <mszalay@cloudera.com.invalid>
wrote:

> Hi Ram,
>
> this parameter needs to be defined when you want to enable secure
> authentication in the communication between ZooKeeper servers. In general,
> the 'principal' is a 'username' that you want your ZooKeeper servers to use
> when they talk with each other. Ideally you have a central Kerberos service
> somewhere where this principal is already registered.
> A Kerberos principal is usually in the form of
> "user_or_service_name/host@realm" (some more explanation:
> https://ssimo.org/blog/id_016.html)
>
> According to the source code, the default value of
> quorum.auth.kerberos.servicePrincipal is "zkquorum/localhost". But I think
> if you don't enable the quorum SASL in ZooKeeper, then this property will
> never be actually used.
>
> Please see this page about SASL in ZooKeeper:
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+and+SASL
>
> I also found a Cloudera blogpost on the topic:
>
> https://blog.cloudera.com/hardening-apache-zookeeper-security-sasl-quorum-peer-mutual-authentication-and-authorization/
>
> Cheers,
> Mate
>
>
> On Thu, Dec 5, 2019 at 11:50 PM rammohan ganapavarapu <
> rammohanganap@gmail.com> wrote:
>
> > Hi,
> >
> > What is the default value for this property? If I don't enable SASL and if
> > I don't define it, what will be the value?
> >
> > quorum.auth.kerberos.servicePrincipal
> >
> > Also, what does this mean: "servicename/_HOST"?
> >
> > Thanks,
> > Ram
> >
>
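
A check for the situation discussed in this thread, as an added example that is not part of the original messages or of ZooKeeper's code: it parses a zoo.cfg and reports when quorum SASL is enabled while the service principal is still the default quoted above. Assumptions: the `quorum.auth.enableSasl`, `quorum.auth.learnerRequireSasl` and `quorum.auth.serverRequireSasl` keys (ZooKeeper quorum SASL settings not named in the thread) default to false, `_HOST` stands for the peer's host name, and the sample config and host name are constructed.

```python
DEFAULT_PRINCIPAL = "zkquorum/localhost"  # default value quoted in the thread

def parse_cfg(text):
    """Parse key=value lines of a zoo.cfg, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def expand_principal(principal, peer_host):
    """Assumption: _HOST stands for the host name of the peer being contacted."""
    return principal.replace("_HOST", peer_host)

def check_quorum_sasl(props):
    """Return findings about the quorum SASL settings in parsed zoo.cfg props."""
    def on(key):
        return props.get(key, "false").lower() == "true"
    if not on("quorum.auth.enableSasl"):
        return ["quorum SASL is off: servicePrincipal is never used"]
    findings = []
    for key in ("quorum.auth.learnerRequireSasl", "quorum.auth.serverRequireSasl"):
        if not on(key):
            findings.append(key + " is not true: peer authentication is not enforced")
    principal = props.get("quorum.auth.kerberos.servicePrincipal", DEFAULT_PRINCIPAL)
    if principal == DEFAULT_PRINCIPAL:
        findings.append("servicePrincipal is the default " + DEFAULT_PRINCIPAL
                        + ": confirm it matches what the KDC has registered")
    elif "/" not in principal:
        findings.append("servicePrincipal has no /host part: " + principal)
    return findings

# Constructed sample zoo.cfg, not taken from a real deployment.
SAMPLE_CFG = """
# quorum SASL switched on, but nothing else set
tickTime=2000
quorum.auth.enableSasl=true
quorum.auth.learnerRequireSasl=true
"""

if __name__ == "__main__":
    for finding in check_quorum_sasl(parse_cfg(SAMPLE_CFG)):
        print("WARN", finding)
    print(expand_principal("zkquorum/_HOST", "zk1.example.com"))
```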
