[
https://issues.apache.org/jira/browse/ZOOKEEPER-1373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13201209#comment-13201209
]
Hudson commented on ZOOKEEPER-1373:
-----------------------------------
Integrated in ZooKeeper-trunk #1451 (See
[https://builds.apache.org/job/ZooKeeper-trunk/1451/])
ZOOKEEPER-1373. Hardcoded SASL login context name clashes with Hadoop
security configuration override. (Eugene Koontz and Thomas Weise via mahadev)
mahadev :
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1240918
Files :
* /zookeeper/trunk/CHANGES.txt
* /zookeeper/trunk/src/java/main/org/apache/zookeeper/ClientCnxn.java
* /zookeeper/trunk/src/java/main/org/apache/zookeeper/Login.java
*
/zookeeper/trunk/src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java
*
/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java
*
/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthFailDesignatedClientTest.java
*
/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthMissingClientConfigTest.java
> Hardcoded SASL login context name clashes with Hadoop security configuration
> override
> -------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-1373
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1373
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.2
> Reporter: Thomas Weise
> Assignee: Eugene Koontz
> Fix For: 3.4.3, 3.5.0
>
> Attachments: ZOOKEEPER-1373-TW_3_4.patch, ZOOKEEPER-1373.patch,
> ZOOKEEPER-1373.patch, ZOOKEEPER-1373.patch, ZOOKEEPER-1373.patch,
> ZOOKEEPER-1373.patch, ZOOKEEPER-1373.patch
>
>
> I'm trying to configure a process with Hadoop security (Hive metastore
> server) to talk to ZooKeeper 3.4.2 with Kerberos authentication. In this
> scenario Hadoop controls the SASL configuration
> (org.apache.hadoop.security.UserGroupInformation.HadoopConfiguration),
> instead of setting up the ZooKeeper "Client" loginContext via jaas.conf and
> system property
> {{-Djava.security.auth.login.config}}
> Using the Hadoop configuration would work, except that ZooKeeper client code
> expects the loginContextName to be "Client" while Hadoop security will use
> "hadoop-keytab-kerberos". I verified that by changing the name in the
> debugger the SASL authentication succeeds while otherwise the login
> configuration cannot be resolved and the connection to ZooKeeper is
> unauthenticated.
> To integrate with Hadoop, the following in ZooKeeperSaslClient would need to
> change to make the name configurable:
> {{login = new Login("Client",new ClientCallbackHandler(null));}}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
