[ https://issues.apache.org/jira/browse/ZOOKEEPER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15421241#comment-15421241 ]
Guilherme Braccialli commented on ZOOKEEPER-1467: ------------------------------------------------- I had issue with zk client while using custom zookeeper principal name, after looking at apache source code I found it was fixed in Feb/2014. See this PR: https://github.com/apache/zookeeper/commit/843baf56d4d8e120fd516aeb9c04718193bccbe7 All you need to do is to add property below to your java app that uses zookeeper client: -Dzookeeper.sasl.client.username=YOUR-CUSTOM-PRINCIPAL-NAME-FOR-ZK > Server principal on client side is derived using hostname. > ---------------------------------------------------------- > > Key: ZOOKEEPER-1467 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1467 > Project: ZooKeeper > Issue Type: Bug > Components: java client > Affects Versions: 3.4.3, 3.4.4, 3.5.0, 4.0.0 > Reporter: Laxman > Assignee: Eugene Koontz > Priority: Critical > Labels: Security, client, kerberos, sasl > Fix For: 3.5.3, 3.6.0 > > Attachments: ZOOKEEPER-1467.patch, ZOOKEEPER-1467.patch > > > Server principal on client side is derived using hostname. > org.apache.zookeeper.ClientCnxn.SendThread.startConnect() > {code} > try { > zooKeeperSaslClient = new > ZooKeeperSaslClient("zookeeper/"+addr.getHostName()); > } > {code} > This may have problems when admin wanted some customized principals like > zookeeper/cluste...@hadoop.com where clusterid is the cluster identifier but > not the host name. > IMO, server principal also should be configurable as hadoop is doing. -- This message was sent by Atlassian JIRA (v6.3.4#6332)