Il mar 30 lug 2019, 20:49 Jörn Franke <jornfra...@gmail.com> ha scritto:
> Hi, > > I have a kerberized Zookeeper cluster and would like to add SSL on the > client side and to the quorum. > > So far the server configuration is clear. However, according to > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide > > I need to specify on the client side > zookeeper.ssl.keyStore.location="/path/to/your/keystore" > zookeeper.ssl.keyStore.password="keystore_password" > zookeeper.ssl.trustStore.location="/path/to/your/truststore" > zookeeper.ssl.trustStore.password="truststore_password" > > I do understand the need to provide a truststore, but why does the client > need a keystore. As far as I understood the keystore is only needed for > X509 authentication, but I use the Kerberos authentication. > Your question is fair. Did you try not to configure a keystore for the client? Enrico > Does it mean the SSL client connection requires X509 authentication and > Kerberos is not possible? > Can you please clarify? > > thank you. > > best regards >