[ https://issues.apache.org/jira/browse/ZOOKEEPER-1373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13201209#comment-13201209 ]
Hudson commented on ZOOKEEPER-1373: ----------------------------------- Integrated in ZooKeeper-trunk #1451 (See [https://builds.apache.org/job/ZooKeeper-trunk/1451/]) ZOOKEEPER-1373. Hardcoded SASL login context name clashes with Hadoop security configuration override. (Eugene Koontz and Thomas Weise via mahadev) mahadev : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1240918 Files : * /zookeeper/trunk/CHANGES.txt * /zookeeper/trunk/src/java/main/org/apache/zookeeper/ClientCnxn.java * /zookeeper/trunk/src/java/main/org/apache/zookeeper/Login.java * /zookeeper/trunk/src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java * /zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java * /zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthFailDesignatedClientTest.java * /zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthMissingClientConfigTest.java > Hardcoded SASL login context name clashes with Hadoop security configuration > override > ------------------------------------------------------------------------------------- > > Key: ZOOKEEPER-1373 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1373 > Project: ZooKeeper > Issue Type: Bug > Components: java client > Affects Versions: 3.4.2 > Reporter: Thomas Weise > Assignee: Eugene Koontz > Fix For: 3.4.3, 3.5.0 > > Attachments: ZOOKEEPER-1373-TW_3_4.patch, ZOOKEEPER-1373.patch, > ZOOKEEPER-1373.patch, ZOOKEEPER-1373.patch, ZOOKEEPER-1373.patch, > ZOOKEEPER-1373.patch, ZOOKEEPER-1373.patch > > > I'm trying to configure a process with Hadoop security (Hive metastore > server) to talk to ZooKeeper 3.4.2 with Kerberos authentication. In this > scenario Hadoop controls the SASL configuration > (org.apache.hadoop.security.UserGroupInformation.HadoopConfiguration), > instead of setting up the ZooKeeper "Client" loginContext via jaas.conf and > system property > {{-Djava.security.auth.login.config}} > Using the Hadoop configuration would work, except that ZooKeeper client code > expects the loginContextName to be "Client" while Hadoop security will use > "hadoop-keytab-kerberos". I verified that by changing the name in the > debugger the SASL authentication succeeds while otherwise the login > configuration cannot be resolved and the connection to ZooKeeper is > unauthenticated. > To integrate with Hadoop, the following in ZooKeeperSaslClient would need to > change to make the name configurable: > {{login = new Login("Client",new ClientCallbackHandler(null));}} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira