You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Boaz Kelmer (JIRA)" <ji...@apache.org> on 2013/03/13 19:58:16 UTC

[jira] [Created] (ZOOKEEPER-1664) Kerberos auth doesn't work with native platform GSS integration

Boaz Kelmer created ZOOKEEPER-1664:
--------------------------------------

             Summary: Kerberos auth doesn't work with native platform GSS integration
                 Key: ZOOKEEPER-1664
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1664
             Project: ZooKeeper
          Issue Type: Bug
          Components: java client, server
    Affects Versions: 3.4.5
         Environment: Linux (and likely also Solaris).
            Reporter: Boaz Kelmer


Java on Linux/Solaris can be set up to use the native (via C library)
GSS implementation. This is configured by setting the system property
   sun.security.jgss.native=true
When using this feature, ZooKeeper Sasl/JGSS authentication doesn't work.
The reason is explained in
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html

"""
[when using native GSS...]
In addition, when performing operations as a particular Subject, e.g. 
Subject.doAs(...) or Subject.doAsPrivileged(...), the to-be-used 
GSSCredential should be added to Subject's private credential set. 
Otherwise, the GSS operations will fail since no credential is found.
"""

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira