Hi, Even if i enable sasl but md5-diget what should be this property set to, this property only take effect for kerberos or for both?
Ram On Fri, Dec 6, 2019 at 7:55 AM rammohan ganapavarapu < rammohanga...@gmail.com> wrote: > Mate, > > Thank you, I did search source code found the same, I am trying to create > a zoo conf with all default properties. > > Ram > > On Fri, Dec 6, 2019, 2:44 AM Mate Szalay-Beko <msza...@cloudera.com.invalid> > wrote: > >> Hi Ram, >> >> this parameter is needed to be defined when you want to enable secure >> authentication in the communication between ZooKeeper servers. In general, >> the 'principal' is a 'username' what you want your ZooKeeper servers to >> use >> when they talk with each other. Ideally you have a central Kereros service >> somewhere where this principal is already registered. >> A kerberos principal is usually in the form of >> "user_or_service_name/host@realm" (some more explanation: >> https://ssimo.org/blog/id_016.html) >> >> According to the source code, the default value of >> quorum.auth.kerberos.servicePrincipal is "zkquorum/localhost". But I think >> if you don't enable the quorum SASL in ZooKeeper, then this property will >> never be actually used. >> >> Please see this page about SASL in ZooKeeper: >> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+and+SASL >> >> I also found a Cloudera blogpost on the topic: >> >> https://blog.cloudera.com/hardening-apache-zookeeper-security-sasl-quorum-peer-mutual-authentication-and-authorization/ >> >> Cheers, >> Mate >> >> >> On Thu, Dec 5, 2019 at 11:50 PM rammohan ganapavarapu < >> rammohanga...@gmail.com> wrote: >> >> > Hi, >> > >> > What is the default value for this property, if i don't enable sasl >> and if >> > i don't define what will be the value? >> > >> > quorum.auth.kerberos.servicePrincipal >> > >> > Also what does this means "servicename/_HOST" >> > >> > Thanks, >> > Ram >> > >> >
