[jira] [Commented] (ZOOKEEPER-1373) Hardcoded SASL login context name clashes with Hadoop security configuration override

Tue, 07 Feb 2012 15:05:23 -0800 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13202912#comment-13202912
 ] 

Thomas Weise commented on ZOOKEEPER-1373:
-----------------------------------------

Tried the 3.4.3-rc and it works as expected. Update on the originally reported 
Hadoop integration issue:

With Hadoop 1.0, ZooKeeper client as of 3.4.2 with the default configuration 
will work, because Hadoop no longer hijacks the global javax.security 
configuration. See HADOOP-7853

With earlier Hadoop versions, the changes made here will permit to reuse the 
configuration set by Hadoop.

                
> Hardcoded SASL login context name clashes with Hadoop security configuration 
> override
> -------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-1373
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1373
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client
>    Affects Versions: 3.4.2
>            Reporter: Thomas Weise
>            Assignee: Eugene Koontz
>             Fix For: 3.4.3, 3.5.0
>
>         Attachments: ZOOKEEPER-1373-TW_3_4.patch, ZOOKEEPER-1373.patch, 
> ZOOKEEPER-1373.patch, ZOOKEEPER-1373.patch, ZOOKEEPER-1373.patch, 
> ZOOKEEPER-1373.patch, ZOOKEEPER-1373.patch
>
>
> I'm trying to configure a process with Hadoop security (Hive metastore 
> server) to talk to ZooKeeper 3.4.2 with Kerberos authentication. In this 
> scenario Hadoop controls the SASL configuration 
> (org.apache.hadoop.security.UserGroupInformation.HadoopConfiguration), 
> instead of setting up the ZooKeeper "Client" loginContext via jaas.conf and 
> system property 
> {{-Djava.security.auth.login.config}}
> Using the Hadoop configuration would work, except that ZooKeeper client code 
> expects the loginContextName to be "Client" while Hadoop security will use  
> "hadoop-keytab-kerberos". I verified that by changing the name in the 
> debugger the SASL authentication succeeds while otherwise the login 
> configuration cannot be resolved and the connection to ZooKeeper is 
> unauthenticated. 
> To integrate with Hadoop, the following in ZooKeeperSaslClient would need to 
> change to make the name configurable:
>      {{login = new Login("Client",new ClientCallbackHandler(null));}}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to