I recommend you turn on as much debugging as is available, add debug=true to your Server jaas config, and add "-Dsun.security.krb5.debug=true" when starting any jvm. That will ensure you get as much detail as the security logging has available.
Patrick On Thu, Jul 21, 2016 at 1:12 PM, Michael Han <[email protected]> wrote: > 'No key to store' implies the keytab file is either not present or is > invalid. I'd suggest validate the keytab file out of the context of > zookeeper (for example using kinit) and check if it's valid. > > On Thu, Jul 21, 2016 at 10:13 AM, Aneela Saleem <[email protected]> > wrote: > > > Hi, > > > > I have configured zookeeper to work with kerberos. I have added following > > principal. > > zkcli/hadoop-master@platalyticsrealm > > > > Here are contents of my jaas.conf > > > > Server { > > com.sun.security.auth.module.Krb5LoginModule required > > useKeyTab=true > > keyTab="/etc/hadoop/conf/zk.keytab" > > storeKey=true > > useTicketCache=false > > principal="zookeeper/hadoop-master@platalyticsrealm"; > > }; > > Client { > > com.sun.security.auth.module.Krb5LoginModule required > > useKeyTab=true > > keyTab="/etc/hadoop/conf/zkcli.keytab" > > storeKey=true > > useTicketCache=true > > principal="zkcli@platalyticsrealm" > > debug=true; > > }; > > > > > > When i run zookeeper client using the command > > *./zkCli.sh -server hadoop-master:2181* > > > > it produces following exception > > > > SASL configuration failed: javax.security.auth.login.LoginException: No > > key to store Will continue connection to Zookeeper server without SASL > > authentication, if Zookeeper server allows it. > > > > Any suggestions > > > > Thanks > > > > > > -- > Cheers > Michael. >
