[
https://issues.apache.org/jira/browse/HBASE-14775?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17813880#comment-17813880
]
Duo Zhang commented on HBASE-14775:
-----------------------------------
Is this still a problem since ZOOKEEPER-2139 is done?
> Replication can't authenticate with peer Zookeeper with different server
> principal
> ----------------------------------------------------------------------------------
>
> Key: HBASE-14775
> URL: https://issues.apache.org/jira/browse/HBASE-14775
> Project: HBase
> Issue Type: Bug
> Components: Replication, security
> Reporter: Gary Helmling
> Priority: Major
>
> When replication is setup with security, where the local ZK cluster and peer
> ZK cluster use different server principals, the source HBase cluster is
> unable to authenticate with the peer ZK cluster.
> When ZK is configured for SASL authentication and a server principal other
> than the default ("zookeeper") is used, the correct server principal must be
> specified on the client as a system property -- the confusingly named
> {{zookeeper.sasl.client.username}}. However, since this is given as a system
> property, authentication with the peer cluster breaks when it uses a
> different ZK server principal than the local cluster.
> We need a way of tying this setting to the replication peer config and then
> setting the property when the peer's ZooKeeperWatcher is created.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
