To enable Kerberos authentication for ZooKeeper, follow the steps below:
1) Setup external zookeeper.
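2) Create the file conf/jaas.conf, which names the server keytab and principal. The keytab holds the service's long-term Kerberos key, so make it readable only by the account that runs ZooKeeper. The principal below is an example; its host part should match the host name clients use to reach the server.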
Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/zookeeper/conf/zkpr.keytab"
storeKey=true
useTicketCache=false
principal="zookeeper/localhost@EXAMPLE.COM";
};
3) create file conf/java.env
export JVMFLAGS="-Djava.security.auth.login.config=/zookeeper/conf/jaas.conf"
export JAVA_HOME=${JAVA_HOME}
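4) Modify conf/zoo.cfg. The authProvider line enables SASL authentication, but on its own it does not turn away clients that connect without authenticating. Protect znodes with sasl ACLs, and on ZooKeeper 3.6.0 or later consider the sessionRequireClientSASLAuth server option to reject unauthenticated sessions.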
tickTime = 2000
dataDir = /zookeeper_data
clientPort = 2181
initLimit = 5
syncLimit = 2
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000
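5) Run kinit with your principal and keytab, which confirms the keytab and principal are valid (with useKeyTab=true and useTicketCache=false the server logs in from the keytab named in jaas.conf, not from the ticket cache):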
kinit <PRINCIPAL> -k -t <PATH_TO_KEYTAB>
6) restart zookeeper
1) Setup external zookeeper.
2) create file conf/jaas.conf which will contain server keytab and principal.
Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/zookeeper/conf/zkpr.keytab"
storeKey=true
useTicketCache=false
principal="zookeeper/localhost@EXAMPLE.COM";
};
3) create file conf/java.env
export JVMFLAGS="-Djava.security.auth.login.config=/zookeeper/conf/jaas.conf"
export JAVA_HOME=${JAVA_HOME}
4) modify conf/zoo.cfg
tickTime = 2000
dataDir = /zookeeper_data
clientPort = 2181
initLimit = 5
syncLimit = 2
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000
5) kinit with your principal and keytab:
kinit <PRINCIPAL> -k -t <PATH_TO_KEYTAB>
6) restart zookeeper
You are now ready to use Kerberos-enabled ZooKeeper!