GreenDaySky opened a new issue #847:
URL: https://github.com/apache/incubator-pegasus/issues/847
## Feature Request
**Is your feature request related to a problem? Please describe:**
In our business, pegasus cluster need to connect zookeeper which use
kerberos protocol. I want support it.
**Describe the feature you'd like:**
Before version 2.3, we support it by customized zookeeper c client which
convert java client use JNI. From version 3.7.0, zookeeper support c client use
kerberos. I want to introduce it for pegasus.
Through my test, two parameter is required for 'zookeeper_init_sasl'
different from 'zookeeper_init' which func get handle that represents a
connection to the ZooKeeper service.
- Current implementation
`
_handle = zookeeper_init(zookeeper_session_mgr::instance().zoo_hosts(),
global_watcher,
zookeeper_session_mgr::instance().timeout(),
nullptr,
this,
0);
`
- Support Kerberos implementation
`
zoo_sasl_params_t sasl_params = { 0 };
sasl_params.service ="zookeeper"
sasl_params.mechlist = "GSSAPI";
_handle = zookeeper_init_sasl(zookeeper_session_mgr::instance().zoo_hosts(),
global_watcher,
zookeeper_session_mgr::instance().timeout(),
nullptr,
this,
0,
NULL,
&sasl_params);
`
When we have completed the above initialization and own valid kerberos
ticket, we finised this job. How to get valid kerberos ticket already
implemented on our code (kinit_context.cpp).
Finally, we need to add some configuration items:
1. FLAGS_enable_zookeeper_kerberos
2. FLAGS_zookeeper_kerberos_service_name: It's always zookeeper, but it can
change more
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
