Hi,

Here at Salesforce we're trying to roll out ZK to production for coordinating our search service. One of our requirements is to use Kerberos auth for ZK <---> client communication. It seems that on the ZK server side enabling Kerb auth is straightforward, with config options as given here <http://www.cloudera.com/content/cloudera/en/documentation/cdh4/v4-2-2/CDH4-Security-Guide/cdh4sg_topic_11_1.html>, by setting up a JAAS config file with a "Server" section. OTOH I haven't been able to find anything other than this <https://ambari.apache.org/1.2.5/installing-hadoop-using-ambari/content/ambari-kerb-2-3-2-2.html> for the client side, which indicates that having a "Client" section in the JAAS config might be enough.

Looking at the code I see that the ClientCnxn class does have a switch in startConnect() that uses ZooKeeperSaslClient. My question is: is setting the JAAS conf file sufficient to use the ZK client library to connect to a Kerberised ZK ensemble, or is specific code also needed? In the case of the latter, could someone point me to, e.g., HBase code that does this authenticated connection?

TIA,
Irfan.
