[
https://issues.apache.org/jira/browse/OMID-310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17956081#comment-17956081
]
Istvan Toth commented on OMID-310:
----------------------------------
The problem is that the ZK client in HBase has the exact same problem.
Unless we solve this in HBase as well, there is no point to fixing this in Omid.
> Make Zookeeper login context name configurable
> ----------------------------------------------
>
> Key: OMID-310
> URL: https://issues.apache.org/jira/browse/OMID-310
> Project: Phoenix Omid
> Issue Type: Improvement
> Reporter: Istvan Toth
> Assignee: Istvan Toth
> Priority: Major
>
> Currently we need to specify a separate jaas.conf file for Omid to enable
> connecting to SASL/GSSAPI secured Zookeeper quorums.
> This is problematic on many levels, as this adds complications to clients
> using omid HA, like having to add an extra Java CLI option, and having to
> manage their own ticket renewal.
> A better option would be picking up the HBase ZK Sasl Configuration, and
> using it automatically.
> We also need to look into whether using separate effective principals for the
> HBase ZK connections and Omid ZK connections is possible now, and whether we
> want keep that support if it is.
> EDIT:
> While this approach is somewhat useful, it doesn't solve the jaas.conf issue
> in itself.
> Hadoop uses a custom Jaas conf, and does not set the global Configuration in
> the client (it does that in the server)
> It is possible to set the JVM level configuration, like Hadoop does in
> HadoopZookeeperFactory and ZookeeperClient.aclProvider() , but that may not
> be a good solution if there are other components using the Omid client code
> that want to use SASL independently of the Hadoop stack.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
