You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Gary Helmling (JIRA)" <ji...@apache.org> on 2015/11/06 01:03:27 UTC
[jira] [Updated] (HBASE-14775) Replication can't authenticate with
peer Zookeeper with different server principal
[ https://issues.apache.org/jira/browse/HBASE-14775?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary Helmling updated HBASE-14775:
----------------------------------
Component/s: security
Replication
> Replication can't authenticate with peer Zookeeper with different server principal
> ----------------------------------------------------------------------------------
>
> Key: HBASE-14775
> URL: https://issues.apache.org/jira/browse/HBASE-14775
> Project: HBase
> Issue Type: Bug
> Components: Replication, security
> Reporter: Gary Helmling
> Assignee: Gary Helmling
>
> When replication is setup with security, where the local ZK cluster and peer ZK cluster use different server principals, the source HBase cluster is unable to authenticate with the peer ZK cluster.
> When ZK is configured for SASL authentication and a server principal other than the default ("zookeeper") is used, the correct server principal must be specified on the client as a system property -- the confusingly named {{zookeeper.sasl.client.username}}. However, since this is given as a system property, authentication with the peer cluster breaks when it uses a different ZK server principal than the local cluster.
> We need a way of tying this setting to the replication peer config and then setting the property when the peer's ZooKeeperWatcher is created.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)