[ https://issues.apache.org/jira/browse/ZOOKEEPER-1373?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eugene Koontz updated ZOOKEEPER-1373: ------------------------------------- Attachment: ZOOKEEPER-1373.patch New patch that moves most new code to ZooKeeperSaslClient rather than ClientCnxn. > Hardcoded SASL login context name clashes with Hadoop security configuration > override > ------------------------------------------------------------------------------------- > > Key: ZOOKEEPER-1373 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1373 > Project: ZooKeeper > Issue Type: Bug > Components: java client > Affects Versions: 3.4.2 > Reporter: Thomas Weise > Assignee: Eugene Koontz > Fix For: 3.4.3, 3.5.0 > > Attachments: ZOOKEEPER-1373-TW_3_4.patch, ZOOKEEPER-1373.patch, > ZOOKEEPER-1373.patch, ZOOKEEPER-1373.patch, ZOOKEEPER-1373.patch, > ZOOKEEPER-1373.patch > > > I'm trying to configure a process with Hadoop security (Hive metastore > server) to talk to ZooKeeper 3.4.2 with Kerberos authentication. In this > scenario Hadoop controls the SASL configuration > (org.apache.hadoop.security.UserGroupInformation.HadoopConfiguration), > instead of setting up the ZooKeeper "Client" loginContext via jaas.conf and > system property > {{-Djava.security.auth.login.config}} > Using the Hadoop configuration would work, except that ZooKeeper client code > expects the loginContextName to be "Client" while Hadoop security will use > "hadoop-keytab-kerberos". I verified that by changing the name in the > debugger the SASL authentication succeeds while otherwise the login > configuration cannot be resolved and the connection to ZooKeeper is > unauthenticated. > To integrate with Hadoop, the following in ZooKeeperSaslClient would need to > change to make the name configurable: > {{login = new Login("Client",new ClientCallbackHandler(null));}} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira