[jira] [Updated] (ZOOKEEPER-1664) Kerberos auth doesn't work with native platform GSS integration

["Boaz Kelmer (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-1664?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Boaz Kelmer updated ZOOKEEPER-1664:
-----------------------------------

    Attachment: ZOOKEEPER-1664.patch

FWIW, the attached patch fixes the issue.
                
> Kerberos auth doesn't work with native platform GSS integration
> ---------------------------------------------------------------
>
>                 Key: ZOOKEEPER-1664
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1664
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client, server
>    Affects Versions: 3.4.5
>         Environment: Linux (and likely also Solaris).
>            Reporter: Boaz Kelmer
>         Attachments: ZOOKEEPER-1664.patch
>
>
> Java on Linux/Solaris can be set up to use the native (via C library)
> GSS implementation. This is configured by setting the system property
>    sun.security.jgss.native=true
> When using this feature, ZooKeeper Sasl/JGSS authentication doesn't work.
> The reason is explained in
> http://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
> """
> [when using native GSS...]
> In addition, when performing operations as a particular Subject, e.g. 
> Subject.doAs(...) or Subject.doAsPrivileged(...), the to-be-used 
> GSSCredential should be added to Subject's private credential set. 
> Otherwise, the GSS operations will fail since no credential is found.
> """

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira