Hi Ram, this parameter is needed to be defined when you want to enable secure authentication in the communication between ZooKeeper servers. In general, the 'principal' is a 'username' what you want your ZooKeeper servers to use when they talk with each other. Ideally you have a central Kereros service somewhere where this principal is already registered. A kerberos principal is usually in the form of "user_or_service_name/host@realm" (some more explanation: https://ssimo.org/blog/id_016.html)
According to the source code, the default value of quorum.auth.kerberos.servicePrincipal is "zkquorum/localhost". But I think if you don't enable the quorum SASL in ZooKeeper, then this property will never be actually used. Please see this page about SASL in ZooKeeper: https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+and+SASL I also found a Cloudera blogpost on the topic: https://blog.cloudera.com/hardening-apache-zookeeper-security-sasl-quorum-peer-mutual-authentication-and-authorization/ Cheers, Mate On Thu, Dec 5, 2019 at 11:50 PM rammohan ganapavarapu < [email protected]> wrote: > Hi, > > What is the default value for this property, if i don't enable sasl and if > i don't define what will be the value? > > quorum.auth.kerberos.servicePrincipal > > Also what does this means "servicename/_HOST" > > Thanks, > Ram >
