Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-1467

Make server principal configurable at client side.

    XMLWordPrintableJSON

Details

    • Allow system property "zookeeper.clusterName", if defined, to be used as the instance portion of zookeeper server's Kerberos principal name. Otherwise, server's hostname will be used.

    Description

      Server principal on client side is derived using hostname.

      org.apache.zookeeper.ClientCnxn.SendThread.startConnect()

                 try {
                zooKeeperSaslClient = new ZooKeeperSaslClient("zookeeper/"+addr.getHostName());
            }

      This may have problems when admin wanted some customized principals like zookeeper/clusterid@HADOOP.COM where clusterid is the cluster identifier but not the host name.

      IMO, server principal also should be configurable as hadoop is doing.

      Attachments

        1. ZOOKEEPER-1467.patch
          3 kB
          Eugene Joseph Koontz
        2. ZOOKEEPER-1467.patch
          1 kB
          Eugene Joseph Koontz

        Issue Links

          blocks

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-1697 Discretionary access control

          • Major - Major loss of function.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. ZOOKEEPER-2139 Support multiple ZooKeeper client, with different configurations, in a single JVM

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-4791 Allow Secure Zookeeper JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. ZOOKEEPER-2433 ZooKeeperSaslServer: allow user principals in subject

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-1373 Hardcoded SASL login context name clashes with Hadoop security configuration override

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. ZOOKEEPER-1420 Kerberos principal to user mapping / authorization

          • Major - Major loss of function.
          • Open
          requires

          Improvement - An improvement or enhancement to an existing feature or task. ZOOKEEPER-2257 Make zookeeper server principal configurable at zookeeper client side

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #1099

          Web Link GitHub Pull Request #1104

          Activity

            People

              sujithsimon22 Sujith Simon
              lakshman Laxman
              Votes:
              0 Vote for this issue
              Watchers:
              18 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 2h 20m
                  2h 20m