[
https://issues.apache.org/jira/browse/HDFS-5152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13758693#comment-13758693
]
Kai Zheng commented on HDFS-5152:
---------------------------------
In non-secure mode login is null and the behavior stays with the same as
previous. Relevant unit tests for Zookeeper with login being null or not null
are covered in ZOOKEEPER-1749. I have tested this patch manually with its deps
in a secured HA cluster and it works fine. I would give it more test in
non-secure HA cluster and will update the patch if necessary.
I agree we move it to HADOOP. Would you help with that? Thanks.
> Avoiding redundant Kerberos login for Zookeeper client in ActiveStandbyElector
> ------------------------------------------------------------------------------
>
> Key: HDFS-5152
> URL: https://issues.apache.org/jira/browse/HDFS-5152
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: security
> Reporter: Kai Zheng
> Attachments: HDFS-5152.patch
>
>
> Based on the fix in HADOOP-8315, it's possible to deploy a secured HA cluster
> with SASL support for connection with Zookeeper. However it requires extra
> configuration for JAAS to initialize the Zookeeper client because the client
> will do another login in it even when ZKFC service actually has already
> passed the Kerberos login during its starting.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
