Hardcoded SASL login context name clashes with Hadoop security configuration
override
-------------------------------------------------------------------------------------
Key: ZOOKEEPER-1373
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1373
Project: ZooKeeper
Issue Type: Bug
Components: java client
Affects Versions: 3.4.2
Reporter: Thomas Weise
I'm trying to configure a process with Hadoop security (Hive metastore server)
to talk to ZooKeeper 3.4.2 with Kerberos authentication. In this scenario
Hadoop controls the SASL configuration
(org.apache.hadoop.security.UserGroupInformation.HadoopConfiguration), instead
of setting up the ZooKeeper "Client" loginContext via jaas.conf and system
property
{{-Djava.security.auth.login.config}}
Using the Hadoop configuration would work, except that ZooKeeper client code
expects the loginContextName to be "Client" while Hadoop security will use
"hadoop-keytab-kerberos". I verified that by changing the name in the debugger
the SASL authentication succeeds while otherwise the login configuration cannot
be resolved and the connection to ZooKeeper is unauthenticated.
To integrate with Hadoop, the following in ZooKeeperSaslClient would need to
change to make the name configurable:
{{login = new Login("Client",new ClientCallbackHandler(null));}}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
