[
https://issues.apache.org/jira/browse/ZOOKEEPER-2860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16135043#comment-16135043
]
Andrey commented on ZOOKEEPER-2860:
---
I've created kerberos account and attached several SPN to it. (this is a valid
setup). However when I tried to use sample configuration from the documentation
i've got "Client not found in Kerberos database" error from Kerberos. That's
because server was trying to acquire TGT, which is not required. And for TGT it
needs service account, not SPN.
> Update sample server jaas config for kerberos auth
> --
>
> Key: ZOOKEEPER-2860
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2860
> Project: ZooKeeper
> Issue Type: Bug
> Components: documentation
>Reporter: Andrey
>
> Currently sample server jaas configuration for kerberos contains:
> {code}
> principal="zookeeper/yourzkhostname"
> {code}
> Background on why "princinpal=SPN" and "isInitiator=true" won't work is here:
> https://dmdaa.wordpress.com/2010/03/27/the-impact-of-isinitiator-on-jaas-login-configuration-and-the-role-if-spn/
> Expected:
> {code}
>isInitiator=false
>principal="zookeeper/yourzkhostname";
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
