Gary Helmling created HBASE-14775:
-------------------------------------
Summary: Replication can't authenticate with peer Zookeeper with
different server principal
Key: HBASE-14775
URL: https://issues.apache.org/jira/browse/HBASE-14775
Project: HBase
Issue Type: Bug
Reporter: Gary Helmling
Assignee: Gary Helmling
When replication is setup with security, where the local ZK cluster and peer ZK
cluster use different server principals, the source HBase cluster is unable to
authenticate with the peer ZK cluster.
When ZK is configured for SASL authentication and a server principal other than
the default ("zookeeper") is used, the correct server principal must be
specified on the client as a system property -- the confusingly named
{{zookeeper.sasl.client.username}}. However, since this is given as a system
property, authentication with the peer cluster breaks when it uses a different
ZK server principal than the local cluster.
We need a way of tying this setting to the replication peer config and then
setting the property when the peer's ZooKeeperWatcher is created.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
