[
https://issues.apache.org/jira/browse/HDFS-5152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13758294#comment-13758294
]
Bikas Saha commented on HDFS-5152:
----------------------------------
Can you please confirm that things work correctly in non-secure mode where the
"login" will essentially be null.
{code}
+ ZooKeeper zk = new ZooKeeper(zkHostPort, zkSessionTimeout, watcher, login);
{code}
How will this be tested? Jenkins will probably not like that the patch has no
tests.
Other than that the change looks fine to me. Caveat is that I am not a security
expert :P
This jira needs to be moved to HADOOP (instead of HDFS) since the Elector is in
hadoop-common.
> Avoiding redundant Kerberos login for Zookeeper client in ActiveStandbyElector
> ------------------------------------------------------------------------------
>
> Key: HDFS-5152
> URL: https://issues.apache.org/jira/browse/HDFS-5152
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: security
> Reporter: Kai Zheng
> Attachments: HDFS-5152.patch
>
>
> Based on the fix in HADOOP-8315, it's possible to deploy a secured HA cluster
> with SASL support for connection with Zookeeper. However it requires extra
> configuration for JAAS to initialize the Zookeeper client because the client
> will do another login in it even when ZKFC service actually has already
> passed the Kerberos login during its starting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
