[
https://issues.apache.org/jira/browse/ZOOKEEPER-2159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14511250#comment-14511250
]
Yuliya Feldman commented on ZOOKEEPER-2159:
-------------------------------------------
Thank you Eugene
Here is JAAS config I used for Kerberos testing.
Additional property is
authMech="GSSAPI"
{code}
Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="path_to_keytab"
storeKey=true
useTicketCache=false
debug=true
authMech="GSSAPI"
principal="principal";
};
Client {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
renewTGT=true
authMech="GSSAPI"
debug=true
doNotPrompt=true;
};
{code}
Please do let me know results of your testing, since I also tested it with
Kerberos setup.
> Pluggable SASL Authentication
> -----------------------------
>
> Key: ZOOKEEPER-2159
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2159
> Project: ZooKeeper
> Issue Type: Improvement
> Components: java client, server
> Reporter: Yuliya Feldman
> Assignee: Yuliya Feldman
> Attachments: PluggableZookeeperAuthentication (1).pdf,
> PluggableZookeeperAuthentication.pdf
>
>
> Today SASLAuthenticationProvider is used for all SASL based authentications
> which creates some "if/else" statements in ZookeeperSaslClient and
> ZookeeperSaslServer code with just Kerberos and Digest.
> We want to use yet another different SASL based authentication and adding one
> more "if/else" with some code specific just to that new way does not make
> much sense.
> Proposal is to allow to plug custom SASL Authentication mechanism(s) without
> further changes in Zookeeper code.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
