Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-1373

Hardcoded SASL login context name clashes with Hadoop security configuration override

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.4.2
    • Fix Version/s: 3.4.3, 3.5.0
    • Component/s: java client
    • Labels:
      None

      Description

      I'm trying to configure a process with Hadoop security (Hive metastore server) to talk to ZooKeeper 3.4.2 with Kerberos authentication. In this scenario Hadoop controls the SASL configuration (org.apache.hadoop.security.UserGroupInformation.HadoopConfiguration), instead of setting up the ZooKeeper "Client" loginContext via jaas.conf and system property

      -Djava.security.auth.login.config

      Using the Hadoop configuration would work, except that ZooKeeper client code expects the loginContextName to be "Client" while Hadoop security will use "hadoop-keytab-kerberos". I verified that by changing the name in the debugger the SASL authentication succeeds while otherwise the login configuration cannot be resolved and the connection to ZooKeeper is unauthenticated.

      To integrate with Hadoop, the following in ZooKeeperSaslClient would need to change to make the name configurable:

      login = new Login("Client",new ClientCallbackHandler(null));

        Attachments

        1. ZOOKEEPER-1373.patch
          5 kB
          Eugene Koontz
        2. ZOOKEEPER-1373-TW_3_4.patch
          3 kB
          Thomas Weise
        3. ZOOKEEPER-1373.patch
          14 kB
          Eugene Koontz
        4. ZOOKEEPER-1373.patch
          23 kB
          Eugene Koontz
        5. ZOOKEEPER-1373.patch
          23 kB
          Eugene Koontz
        6. ZOOKEEPER-1373.patch
          28 kB
          Eugene Koontz
        7. ZOOKEEPER-1373.patch
          28 kB
          Eugene Koontz

          Issue Links

            Activity

              People

              • Assignee:
                ekoontz Eugene Koontz
                Reporter:
                thw Thomas Weise
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: