You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Boaz Kelmer (JIRA)" <ji...@apache.org> on 2013/03/13 19:58:16 UTC
[jira] [Created] (ZOOKEEPER-1664) Kerberos auth doesn't work with
native platform GSS integration
Boaz Kelmer created ZOOKEEPER-1664:
--------------------------------------
Summary: Kerberos auth doesn't work with native platform GSS integration
Key: ZOOKEEPER-1664
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1664
Project: ZooKeeper
Issue Type: Bug
Components: java client, server
Affects Versions: 3.4.5
Environment: Linux (and likely also Solaris).
Reporter: Boaz Kelmer
Java on Linux/Solaris can be set up to use the native (via C library)
GSS implementation. This is configured by setting the system property
sun.security.jgss.native=true
When using this feature, ZooKeeper Sasl/JGSS authentication doesn't work.
The reason is explained in
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
"""
[when using native GSS...]
In addition, when performing operations as a particular Subject, e.g.
Subject.doAs(...) or Subject.doAsPrivileged(...), the to-be-used
GSSCredential should be added to Subject's private credential set.
Otherwise, the GSS operations will fail since no credential is found.
"""
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira