[
https://issues.apache.org/jira/browse/ZOOKEEPER-1373?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eugene Koontz updated ZOOKEEPER-1373:
-------------------------------------
Attachment: ZOOKEEPER-1373.patch
Fix bug and add new test file: SaslAuthDesignatedClientTest.java with one test.
> Hardcoded SASL login context name clashes with Hadoop security configuration
> override
> -------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-1373
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1373
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.2
> Reporter: Thomas Weise
> Assignee: Eugene Koontz
> Fix For: 3.5.0
>
> Attachments: ZOOKEEPER-1373.patch
>
>
> I'm trying to configure a process with Hadoop security (Hive metastore
> server) to talk to ZooKeeper 3.4.2 with Kerberos authentication. In this
> scenario Hadoop controls the SASL configuration
> (org.apache.hadoop.security.UserGroupInformation.HadoopConfiguration),
> instead of setting up the ZooKeeper "Client" loginContext via jaas.conf and
> system property
> {{-Djava.security.auth.login.config}}
> Using the Hadoop configuration would work, except that ZooKeeper client code
> expects the loginContextName to be "Client" while Hadoop security will use
> "hadoop-keytab-kerberos". I verified that by changing the name in the
> debugger the SASL authentication succeeds while otherwise the login
> configuration cannot be resolved and the connection to ZooKeeper is
> unauthenticated.
> To integrate with Hadoop, the following in ZooKeeperSaslClient would need to
> change to make the name configurable:
> {{login = new Login("Client",new ClientCallbackHandler(null));}}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
