[jira] [Comment Edited] (SLIDER-560) Add default secured appConfig.json file to application packages

Mon, 27 Oct 2014 10:20:03 -0700 

    [ 
https://issues.apache.org/jira/browse/SLIDER-560?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14183156#comment-14183156
 ] 

Sriharsha Chintalapani edited comment on SLIDER-560 at 10/27/14 5:17 PM:
-------------------------------------------------------------------------

[~jmaron]
"site.storm-site.storm.zookeeper.superACL": "sasl:stormcllient" // This should 
be replaced by Client principal in storm_jaas.conf
This part is very important in storm_jaas.conf
"site.storm-site.storm.zookeeper.superACL": "sasl:nimbus" as per the "Client" 
principal
and users are required to provide these in zoo.cfg
kerberos.removeHostFromPrincipal = true
kerberos.removeRealmFromPrincipal = true
If those are not in zoo.cfg
than "site.storm-site.storm.zookeeper.superACL": "[email protected]"
StormServer {
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/vagrant/keytabs/storm.keytab"
   storeKey=true
   useTicketCache=true
   renewTGT=true
   principal="nimbus/[email protected]";
};
StormClient {
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/vagrant/keytabs/storm.keytab"
   storeKey=true
   useTicketCache=true
   renewTGT=true
   serviceName="nimbus"
   debug=true
   principal="[email protected]";
};
Client {
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/vagrant/keytabs/storm.keytab"
   storeKey=true
   useTicketCache=false
   serviceName="zookeeper"
   principal="[email protected]";
};




was (Author: sriharsha):
[~jmaron]
"site.storm-site.storm.zookeeper.superACL": "sasl:storm" // This should be 
replaced by Client principal in storm_jaas.conf
This part is very important in storm_jaas.conf
"site.storm-site.storm.zookeeper.superACL": "sasl:nimbus" as per the "Client" 
principal
and users are required to provide these in zoo.cfg
kerberos.removeHostFromPrincipal = true
kerberos.removeRealmFromPrincipal = true
If those are not in zoo.cfg
than "site.storm-site.storm.zookeeper.superACL": 
"nimbus/[email protected]"
StormServer {
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/vagrant/keytabs/storm.keytab"
   storeKey=true
   useTicketCache=true
   renewTGT=true
   principal="nimbus/[email protected]";
};
StormClient {
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/vagrant/keytabs/storm.keytab"
   storeKey=true
   useTicketCache=true
   renewTGT=true
   serviceName="nimbus"
   debug=true
   principal="[email protected]";
};
Client {
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/vagrant/keytabs/storm.keytab"
   storeKey=true
   useTicketCache=false
   serviceName="zookeeper"
   debug=true
   principal="nimbus/[email protected]";
};



> Add default secured appConfig.json file to application packages
> ---------------------------------------------------------------
>
>                 Key: SLIDER-560
>                 URL: https://issues.apache.org/jira/browse/SLIDER-560
>             Project: Slider
>          Issue Type: Bug
>          Components: app-package
>    Affects Versions: Slider 0.50
>            Reporter: Sumit Mohanty
>            Assignee: Jonathan Maron
>             Fix For: Slider 0.60
>
>         Attachments: SLIDER-560.001.patch, SLIDER-560.002.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to