Thanks. Can you please share the configuration file? I tried with 3.5.5 - without SSL Kerberos works, but once I configured client ssl it said authentication fail (I have to check if I can dig up the log files) and as far as I remember this was related to x509 authentication. The certificate and truststore themselves are fine (I think I needed to convert the truststore to jks). Sorry it was some time ago, I should have separated the log files. For me it did not matter that the ports are separated, but it worked on the non-ssl port fine.
> Am 06.11.2019 um 23:08 schrieb Enrico Olivelli <eolive...@gmail.com>: > > Jorn, > IIRC in my company we set up some ZK with TLS and SASL, using TLS for > encryption and SASL for auth. > We were using early 3.5.3 or something like that. > > Do you have a specific error? > > I can also add that in 3.6.0 we will have port-unification, this way you > can configure only one client port and accept plain text and TLS connection > from clients (this helps the ttransition to TLS) > > Enrico > > Il mer 6 nov 2019, 22:28 Jörn Franke <jornfra...@gmail.com> ha scritto: > >> Dear all, >> >> it seems that ZooKeeper 3.5 with SSL enabled does not support Kerberos >> authentication, but only X509 authentication. Kerberos is used in many >> Enterprise environments and is supported by Apache Solr. Is this a bug? Or >> am I missing something? >> >> >> I created a Jira for this: >> https://issues.apache.org/jira/browse/ZOOKEEPER-3482 >> >> >> thank you. >> >> best regards >>