Hi, I have a kerberized Zookeeper cluster and would like to add SSL on the client side and to the quorum.
So far the server configuration is clear. However, according to https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide I need to specify on the client side zookeeper.ssl.keyStore.location="/path/to/your/keystore" zookeeper.ssl.keyStore.password="keystore_password" zookeeper.ssl.trustStore.location="/path/to/your/truststore" zookeeper.ssl.trustStore.password="truststore_password" I do understand the need to provide a truststore, but why does the client need a keystore. As far as I understood the keystore is only needed for X509 authentication, but I use the Kerberos authentication. Does it mean the SSL client connection requires X509 authentication and Kerberos is not possible? Can you please clarify? thank you. best regards
