[ https://issues.apache.org/jira/browse/ZOOKEEPER-1373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13193381#comment-13193381 ]

jirapos...@reviews.apache.org commented on ZOOKEEPER-1373:
----------------------------------------------------------


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/3631/#review4606
-----------------------------------------------------------



src/java/main/org/apache/zookeeper/ClientCnxn.java
<https://reviews.apache.org/r/3631/#comment10253>

    SASL connection also needs to be attempted when ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY is set as system property and java.security.auth.login.config is not set (that's what happens with Hadoop security). That was part of my patch.


- Thomas


On 2012-01-25 18:56:42, Eugene Koontz wrote:
bq.  
bq.  -----------------------------------------------------------
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/3631/
bq.  -----------------------------------------------------------
bq.  
bq.  (Updated 2012-01-25 18:56:42)
bq.  
bq.  
bq.  Review request for zookeeper.
bq.  
bq.  
bq.  Summary
bq.  -------
bq.  
bq.  ZOOKEEPER-1373: Hardcoded SASL login context name clashes with Hadoop security configuration override
bq.  
bq.  Fix is to allow system property to designate the JAAS configuration section that the zookeeper client will use.
bq.  
bq.  
bq.  This addresses bug ZOOKEEPER-1373.
bq.      https://issues.apache.org/jira/browse/ZOOKEEPER-1373
bq.  
bq.  
bq.  Diffs
bq.  -----
bq.  
bq.    conf/zoo_sample.cfg aafb324 
bq.    src/java/main/org/apache/zookeeper/ClientCnxn.java 6c25e40 
bq.    src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 722538e 
bq.    src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java PRE-CREATION 
bq.    src/java/test/org/apache/zookeeper/test/SaslAuthFailDesignatedClientTest.java PRE-CREATION 
bq.  
bq.  Diff: https://reviews.apache.org/r/3631/diff
bq.  
bq.  
bq.  Testing
bq.  -------
bq.  
bq.  "ant test" java tests pass.
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Eugene
bq.  
bq.


                
> Hardcoded SASL login context name clashes with Hadoop security configuration 
> override
> -------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-1373
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1373
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client
>    Affects Versions: 3.4.2
>            Reporter: Thomas Weise
>            Assignee: Eugene Koontz
>             Fix For: 3.4.3, 3.5.0
>
>         Attachments: ZOOKEEPER-1373-TW_3_4.patch, ZOOKEEPER-1373.patch, 
> ZOOKEEPER-1373.patch
>
>
> I'm trying to configure a process with Hadoop security (Hive metastore 
> server) to talk to ZooKeeper 3.4.2 with Kerberos authentication. In this 
> scenario Hadoop controls the SASL configuration 
> (org.apache.hadoop.security.UserGroupInformation.HadoopConfiguration), 
> instead of setting up the ZooKeeper "Client" loginContext via jaas.conf and 
> system property 
> {{-Djava.security.auth.login.config}}.
> Using the Hadoop configuration would work, except that ZooKeeper client code 
> expects the loginContextName to be "Client" while Hadoop security will use  
> "hadoop-keytab-kerberos". I verified that by changing the name in the 
> debugger the SASL authentication succeeds while otherwise the login 
> configuration cannot be resolved and the connection to ZooKeeper is 
> unauthenticated. 
> To integrate with Hadoop, the following in ZooKeeperSaslClient would need to 
> change to make the name configurable:
>      {{login = new Login("Client",new ClientCallbackHandler(null));}}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
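
The condition raised in the review comment, together with the lookup failure from the issue description, as an added example (not code from the patch under review or from ZooKeeper). Assumptions: the class and method names are hypothetical, the property name `zookeeper.sasl.clientconfig` is taken to be the value behind `ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY`, and the programmatic `Configuration` is a constructed stand-in for one that only defines "hadoop-keytab-kerberos".

```java
import java.util.Collections;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class DesignatedLoginContextDemo {
    // Assumption: the value behind ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY.
    static final String LOGIN_CONTEXT_NAME_KEY = "zookeeper.sasl.clientconfig";
    static final String JAAS_FILE_KEY = "java.security.auth.login.config";

    /** JAAS section the client logs in with; "Client" stays the default. */
    static String loginContextName() {
        return System.getProperty(LOGIN_CONTEXT_NAME_KEY, "Client");
    }

    /** Attempt SASL when a JAAS file OR a designated section name is set,
     *  and the installed Configuration actually resolves that section. */
    static boolean shouldAttemptSasl() {
        boolean configured = System.getProperty(JAAS_FILE_KEY) != null
                || System.getProperty(LOGIN_CONTEXT_NAME_KEY) != null;
        if (!configured) {
            return false;
        }
        AppConfigurationEntry[] entries = Configuration.getConfiguration()
                .getAppConfigurationEntry(loginContextName());
        return entries != null && entries.length > 0;
    }

    public static void main(String[] args) {
        // Constructed stand-in: a programmatic configuration with one section.
        Configuration.setConfiguration(new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!"hadoop-keytab-kerberos".equals(name)) {
                    return null; // "Client" cannot be resolved here
                }
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        LoginModuleControlFlag.REQUIRED,
                        Collections.<String, Object>emptyMap()) };
            }
        });
        System.clearProperty(JAAS_FILE_KEY);
        System.clearProperty(LOGIN_CONTEXT_NAME_KEY);
        System.out.println(loginContextName() + " -> SASL attempted: " + shouldAttemptSasl());
        System.setProperty(LOGIN_CONTEXT_NAME_KEY, "hadoop-keytab-kerberos");
        System.out.println(loginContextName() + " -> SASL attempted: " + shouldAttemptSasl());
    }
}
```

The first case is the one worth alerting on in a deployment: the section cannot be resolved, so the session proceeds without SASL authentication.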

        
