[ZOOKEEPER-1664] Kerberos auth doesn't work with native platform GSS integration - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.5, 3.5.0
Fix Version/s: None
Component/s: java client, server
Labels:
None
Environment:

Linux (and likely also Solaris).

Description

Java on Linux/Solaris can be set up to use the native (via C library)
GSS implementation. This is configured by setting the system property
sun.security.jgss.native=true
When using this feature, ZooKeeper Sasl/JGSS authentication doesn't work.
The reason is explained in
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html

"""
[when using native GSS...]
In addition, when performing operations as a particular Subject, e.g.
Subject.doAs(...) or Subject.doAsPrivileged(...), the to-be-used
GSSCredential should be added to Subject's private credential set.
Otherwise, the GSS operations will fail since no credential is found.
"""

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ZOOKEEPER-1664.patch
08/Sep/13 19:00
9 kB
Camille Fournier
ZOOKEEPER-1664.patch
06/Sep/13 20:13
8 kB
Camille Fournier
ZOOKEEPER-1664.patch
13/Mar/13 19:01
7 kB
Boaz Kelmer

Activity

People

Assignee:: Unassigned

Reporter:: Boaz Kelmer

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 13/Mar/13 18:58

Updated:: 11/Sep/13 22:00

Resolved:: 11/Sep/13 22:00