Pundu,
The password to use would be the "root" user's password that you set
when calling `accumulo init`. A limitation of the SSL approach is that
it only uses sets up a secure RPC, it isn't a "complete" security
implementation (as you might get with Kerberos in 1.7).
Sadly, the error messages for SSL are very sparse when the client fails
to negotiate the handshake with a server. With the Accumulo shell, you
can try passing in the --debug option to get more information.
Alternatively, try turning up org.apache.accumulo.core.client to DEBUG
or TRACE in $ACCUMULO_CONF_DIR/log4j.properties.
- Josh
pundu tech wrote:
I have a SSL enabled-accumulo setup.
I have followed:
https://blogs.apache.org/accumulo/entry/generating_keystores_for_configuring_accumulo
to the teeth and as far as my undersatnding goes on SSL it is all correct.
I have created a $ACCUMULO_HOME/conf/client.conf with the following
properties
INSTANCE_NAME=accumulo
INSTANCE_RPC_SSL_ENABLED=true
NSTANCE_RPC_SSL_CLIENT_AUTH=true
INSTANCE_ZK_HOST=host1
RPC_SSL_TRUSTSTORE_PATH=/home/hadoop/truststore.jks
RPC_SSL_TRUSTSTORE_TYPE=JKS
RPC_SSL_TRUSTSTORE_PASSWORD=mypass
RPC_SSL_KEYSTORE_PATH=/home/hadoop/server.jks
RPC_SSL_KEYSTORE_TYPE=JKS
RPC_SSL_KEYSTORE_PASSWORD=mypass
but when I try to connect via shell I am prompted for a password. Which
password is this? It does not seem to be the tracer password (which user
is "root").
./accumulo shell -u root
/usr/local/zookeeper-3.4.6
/usr/local/jdk1.7.0_79
Password: ----> ?
Thanks
pundu tech
