Security is optional.
If you don't set any SASL protected ACLs on znodes, then the client doesn't
need to authenticate, you should not add any security options to the site file
like you currently are, and the message on startup about the state of JAAS
configuration is informative only and is not relevant to you.
If you don't run with a server that supports security (like 3.3) then again the
message on startup is only informative.
- Andy
On May 31, 2012, at 7:35 PM, Amit Sela <[email protected]> wrote:
> I still don't understand if it is optional to use the security or not ?
>
> if i'll set the following in hbase-site.xml:
>
> <property>
> <name>hbase.zookeeper.property.requireClientAuthScheme</name>
> <value></value>
> <description>Property from ZooKeeper's config zoo.cfg.
> Authentication scheme.
> </description>
> </property>
>
> will it cancel the need of sasl-authentication ?
>
> If I go back to ZooKeeper 3.3.2 (which doesn't support security) - will
> HBase 0.94 and Hadoop 1.0.3 work or must they run with a ZooKeeper that
> supports security ?
>
>
> On Thu, May 31, 2012 at 7:01 PM, Andrew Purtell <[email protected]> wrote:
>
>> See https://cwiki.apache.org/ZOOKEEPER/zookeeper-and-sasl.html
>>
>> For a fully baked (but simple) example configuration, have a look at
>> https://github.com/apurtell/tm-ec2-demo/ . Start with
>>
>> https://github.com/apurtell/tm-ec2-demo/blob/master/bin/image/tarball/setup-remote
>>
>> On Thu, May 31, 2012 at 8:55 AM, Amit Sela <[email protected]> wrote:
>>> Hi all,
>>>
>>> I'm upgrading our cluster with the following versions:
>>> HBase 0.90.2 to 0.94.0
>>> Hadoop 0.20.3 to 1.0.3
>>> zookeeper 3.3.2 to 3.4.3
>>>
>>> As a first step, I'm trying to run some tests on my PC and I get a
>>> SecurityException from zookeeper:
>>> SecurityException: java.lang.SecurityException: Unable to locate a login
>>> configuration occurred when trying to find JAAS configuration.
>>>
>>> From what I understand, this means that I have to create a JAAS
>>> configuration file and place it in the conf under HBASE_HOME.
>>>
>>> First of all, Is there a way to disable the use of the new security
>> feature
>>> - I'm working on a local test cluster for now and I don't really need
>> it...
>>>
>>> If I must use a JAAS conf - could anyone elaborate on how to setup
>>> everything: Kerberos KDC, JAAS Configuration file, where to put
>> everything
>>> and anything else I'm missing here.
>>>
>>> Thanks.
>>
>>
>>
>> --
>> Best regards,
>>
>> - Andy
>>
>> Problems worthy of attack prove their worth by hitting back. - Piet
>> Hein (via Tom White)
>>
