From user-return-12429-archive-asf-public=cust-asf.ponee.io@zookeeper.apache.org Thu Dec 12 22:19:33 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id B57B918061A for ; Thu, 12 Dec 2019 23:19:32 +0100 (CET) Received: (qmail 36840 invoked by uid 500); 12 Dec 2019 22:19:31 -0000 Mailing-List: contact user-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@zookeeper.apache.org Delivered-To: mailing list user@zookeeper.apache.org Received: (qmail 36826 invoked by uid 99); 12 Dec 2019 22:19:31 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Dec 2019 22:19:31 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id A4544C02CC for ; Thu, 12 Dec 2019 22:19:30 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.001 X-Spam-Level: X-Spam-Status: No, score=0.001 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id 0M45Dk_Spefe for ; Thu, 12 Dec 2019 22:19:29 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.222.181; helo=mail-qk1-f181.google.com; envelope-from=rammohanganap@gmail.com; receiver= Received: from mail-qk1-f181.google.com (mail-qk1-f181.google.com [209.85.222.181]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 1EC2BBC509 for ; Thu, 12 Dec 2019 22:19:29 +0000 (UTC) Received: by mail-qk1-f181.google.com with SMTP id d202so514837qkb.1 for ; Thu, 12 Dec 2019 14:19:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=90oNLhEEBf0czopEswdhDbzecXWbuajTinBJrmr2A3c=; b=rnaXGZkFGhguUVDuDQkTXZ96QlyJxX6N3rwG0lTKwEArkCJBzaM6GTvMIaSI++3iNx YAgl5t+X7Iw+Eri8i5tycAxhQQHzA2dxhc40b74NwNpYF6klZyWR36vqooZVeW6qkIWy O/1rE96TQZgo9Xgvk8W9p1GRAyrZ8HFVBHh82xKf7qD2tAHJud+C2/CIo18m3DnYbV8r M2DZp1TRmhsgrYLNCTACkuwUE+FC6tcYd6N2NNL5fWmx8KvPedewafx6CETYhW4aynEd 8qWu7THbWZRMDYTVOjknPqbYR2SqS+7quIezM/wDrcMHB3I2gqkJrSk8dRdNAt6aH4NU AQag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=90oNLhEEBf0czopEswdhDbzecXWbuajTinBJrmr2A3c=; b=Q7zh35+lbSziYOvI4LmdQyvlBYmXi0jZJPDsLHKnT/pWw2PzFgIbudLk2f/TLb3FO9 cfbjrNfFTZl8U0H7Vvt56WWAmvyNMX8JhrwTmKT3zI1VQTOswhI3iRAiZigS0lx8lWro il8loMTYxatTHn3X08aFefwN6+Ap9VeNF7neZS3HivV5gdFp3brIIwvVmUYPx8sKZEBy kgDinoMbPp/W2PZ0s5P8krTz8z+Kjg6LkpD8riYXsxvdi9jkplyJ5Tt0o4W3yBFQGIen VpUyTTl8QOqNhmWebLbfEfJEpDVpzpg2LdLCPVG5qWOzrJKOq1r/KS/QJulWVzrVd3hV E/sg== X-Gm-Message-State: APjAAAXr7F4ggvZc869q4QD2vlMGuuPP0kl+sG3TYDUyGR5eXgDuiXqW e9jrWz2p5mmqNz2HfR4a709Xy1eAQ4ORm0P/RuqXzhqe X-Google-Smtp-Source: APXvYqyJlEMZmfISDiSbgi7ovG+XVwluYwoxE77I3S8VBsx6H9fYW1FtMGeIkm+HtPOyKEYom0dhMrisjHdgENJRCwY= X-Received: by 2002:a37:6451:: with SMTP id y78mr10329628qkb.499.1576189168391; Thu, 12 Dec 2019 14:19:28 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: rammohan ganapavarapu Date: Thu, 12 Dec 2019 14:18:52 -0800 Message-ID: Subject: Re: default value for quorum.auth.kerberos.servicePrincipal To: user@zookeeper.apache.org Content-Type: multipart/alternative; boundary="0000000000007b187b059989233f" --0000000000007b187b059989233f Content-Type: text/plain; charset="UTF-8" Hi, Even if i enable sasl but md5-diget what should be this property set to, this property only take effect for kerberos or for both? Ram On Fri, Dec 6, 2019 at 7:55 AM rammohan ganapavarapu < rammohanganap@gmail.com> wrote: > Mate, > > Thank you, I did search source code found the same, I am trying to create > a zoo conf with all default properties. > > Ram > > On Fri, Dec 6, 2019, 2:44 AM Mate Szalay-Beko > wrote: > >> Hi Ram, >> >> this parameter is needed to be defined when you want to enable secure >> authentication in the communication between ZooKeeper servers. In general, >> the 'principal' is a 'username' what you want your ZooKeeper servers to >> use >> when they talk with each other. Ideally you have a central Kereros service >> somewhere where this principal is already registered. >> A kerberos principal is usually in the form of >> "user_or_service_name/host@realm" (some more explanation: >> https://ssimo.org/blog/id_016.html) >> >> According to the source code, the default value of >> quorum.auth.kerberos.servicePrincipal is "zkquorum/localhost". But I think >> if you don't enable the quorum SASL in ZooKeeper, then this property will >> never be actually used. >> >> Please see this page about SASL in ZooKeeper: >> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+and+SASL >> >> I also found a Cloudera blogpost on the topic: >> >> https://blog.cloudera.com/hardening-apache-zookeeper-security-sasl-quorum-peer-mutual-authentication-and-authorization/ >> >> Cheers, >> Mate >> >> >> On Thu, Dec 5, 2019 at 11:50 PM rammohan ganapavarapu < >> rammohanganap@gmail.com> wrote: >> >> > Hi, >> > >> > What is the default value for this property, if i don't enable sasl >> and if >> > i don't define what will be the value? >> > >> > quorum.auth.kerberos.servicePrincipal >> > >> > Also what does this means "servicename/_HOST" >> > >> > Thanks, >> > Ram >> > >> > --0000000000007b187b059989233f--