When Kerberos decides it doesn't want to work, the JRE libraries provide some terse and unhelpful error messages.
The only way to debug the problem is (a) to have complete stack traces and (b) as much related information as possible.
Zookeeper could do more here. Currently too much of the code loses stack traces; sometimes auth errors aren't reported back to the client (the connection is closed) +others
Everyone who has tried to diagnose kerberos problems will appreciate improvements here
|ServerCnxnFactory.configureSaslLogin() loses stack trace on auth failures||Open||Unassigned|