To enable Kerberos for ZooKeeper, follow these steps:

1) Set up an external ZooKeeper.

2) Create the file conf/jaas.conf, which contains the server keytab and principal.

Server {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/zookeeper/conf/zkpr.keytab"
  storeKey=true
  useTicketCache=false
  principal="zookeeper/localhost@EXAMPLE.COM";
};

3) Create the file conf/java.env

export JVMFLAGS="-Djava.security.auth.login.config=/zookeeper/conf/jaas.conf"
export JAVA_HOME=${JAVA_HOME}

4) Modify conf/zoo.cfg

tickTime = 2000
dataDir = /zookeeper_data
clientPort = 2181
initLimit = 5
syncLimit = 2
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000

5) Run kinit with your principal and keytab:

kinit -k -t <PATH_TO_KEYTAB> <PRINCIPAL>

6) Restart ZooKeeper.



You are ready to use Kerberos-enabled ZooKeeper!
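
A preflight check for the files created in steps 2 to 4, added here as an example and not part of the original post: it confirms that the Server section uses a keytab and principal, that the keytab is not readable by group or other, that zoo.cfg enables the SASL provider, and that java.env points at this jaas.conf. The function names and the owner-only permission policy for the keytab are assumptions of this example.

```python
import os
import re
import stat
import sys

SASL_PROVIDER = "org.apache.zookeeper.server.auth.SASLAuthenticationProvider"

def read(conf_dir, name):
    with open(os.path.join(conf_dir, name)) as fh:
        return fh.read()

def jaas_server_options(text):
    """Parse the Server { ... }; section of jaas.conf into a dict, or None if absent."""
    m = re.search(r"\bServer\s*\{(.*?)\}\s*;", text, re.S)
    return dict(re.findall(r'(\w+)\s*=\s*"?([^"\s;]+)"?', m.group(1))) if m else None

def auth_providers(zoo_cfg_text):
    """Values of the authProvider.N lines in zoo.cfg (commented lines are ignored)."""
    return re.findall(r"^\s*authProvider\.\w+\s*=\s*(\S+)", zoo_cfg_text, re.M)

def preflight(conf_dir):
    """Return a list of problems found in conf_dir; an empty list means all checks passed."""
    problems = []
    jaas = jaas_server_options(read(conf_dir, "jaas.conf"))
    if jaas is None:
        return ["jaas.conf: no Server section"]
    if jaas.get("useKeyTab") != "true" or "principal" not in jaas:
        problems.append("jaas.conf: Server needs useKeyTab=true and a principal")
    keytab = jaas.get("keyTab", "")
    if not os.path.isfile(keytab):
        problems.append("keytab not found: %r" % keytab)
    elif stat.S_IMODE(os.stat(keytab).st_mode) & 0o077:
        # The keytab holds the service's long-term key: owner-only access (assumed policy).
        problems.append("keytab readable by group/other, chmod 600 %s" % keytab)
    if SASL_PROVIDER not in auth_providers(read(conf_dir, "zoo.cfg")):
        problems.append("zoo.cfg: no authProvider.N set to SASLAuthenticationProvider")
    m = re.search(r"-Djava\.security\.auth\.login\.config=([^\s\"']+)",
                  read(conf_dir, "java.env"))
    if not m:
        problems.append("java.env: JVMFLAGS lacks -Djava.security.auth.login.config")
    elif os.path.realpath(m.group(1)) != os.path.realpath(os.path.join(conf_dir, "jaas.conf")):
        problems.append("java.env: login config is %s, not this jaas.conf" % m.group(1))
    return problems

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: preflight.py <zookeeper conf dir>")
    found = preflight(sys.argv[1])
    print("\n".join(found) or "all checks passed")
    sys.exit(1 if found else 0)
```

Run it against the conf directory before step 6; a non-zero exit status means at least one check failed.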
