[ https://issues.apache.org/jira/browse/ZOOKEEPER-3482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17008690#comment-17008690 ]
Mate Szalay-Beko commented on ZOOKEEPER-3482: --------------------------------------------- I started to work on this... > SASL (Kerberos) Authentication with SSL for clients and Quorum > -------------------------------------------------------------- > > Key: ZOOKEEPER-3482 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3482 > Project: ZooKeeper > Issue Type: Bug > Components: server > Affects Versions: 3.5.5 > Reporter: Jörn Franke > Assignee: Mate Szalay-Beko > Priority: Major > > It seems that Kerberos authentication does not work for encrypted connections > of clients and quorum. It seems that only X509 Authentication works. > What I would have expected: > ClientSecurePort is defined > A keystore and truststore are deployed on the ZooKeeper servers > Only a truststore is deployed with the client (to validate the CA of the > server certificate) > Client can authenticate with SASL (Kerberos) > Similarly, it should work for the Quorum SSL connection. > Is there a way to configure this in ZooKeeper? > > Note: Kerberos Authentication for SSL encrypted connection should be used > instead of X509 authentication for this case and not in addition. However, if > it only works in 3.5.5 in addition then I would be interested and willing to > test it. -- This message was sent by Atlassian Jira (v8.3.4#803005)