Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-3482

SASL (Kerberos) Authentication with SSL for clients and Quorum

    XMLWordPrintableJSON

Details

    Description

      It seems that Kerberos authentication does not work for encrypted connections of clients and quorum. It seems that only X509 Authentication works.

      What I would have expected:

      ClientSecurePort is defined

      A keystore and truststore are deployed on the ZooKeeper servers

      Only a truststore is deployed with the client (to validate the CA of the server certificate)

      Client can authenticate with SASL (Kerberos)

      Similarly, it should work for the Quorum SSL connection.

      Is there a way to configure this in ZooKeeper?

       

      Note: Kerberos Authentication for SSL encrypted connection should be used instead of X509 authentication for this case and not in addition. However, if it only works in 3.5.5 in addition then I would be interested and willing to test it.

      Attachments

        Issue Links

          relates to

          Sub-task - The sub-task of the issue SOLR-7893 Document ZooKeeper SSL support

          • Major - Major loss of function.
          • Reopened
          links to

          Web Link GitHub Pull Request #1204

          Web Link GitHub Pull Request #1205

          Activity

            People

              symat Mate Szalay-Beko
              jornfranke Jörn Franke
              Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 2h
                  2h