Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

ZooKeeper kerberos Server Authentication issue

Labels:
avatar
author-rank Vij
New Contributor

Created on ‎10-15-2019 07:55 AM - last edited on ‎10-15-2019 09:14 AM by Community Manager Community Manager

getting this exception while brining up the Zkservers

 

ERROR 2019-10-15 10:31:44,851 [main] QuorumPeerMain - Unexpected exception, exiting abnormally
javax.security.sasl.SaslException: Failed to initialize authentication mechanism using SASL [Caused by javax.security.auth.login.LoginException: SASL-authentication failed because the specified JAAS configuration section 'QuorumServer' could not be found.]
at org.apache.zookeeper.server.quorum.auth.SaslQuorumAuthServer.<init>(SaslQuorumAuthServer.java:68)
at org.apache.zookeeper.server.quorum.QuorumPeer.initialize(QuorumPeer.java:886)
at org.apache.zookeeper.server.quorum.QuorumPeerMain.runFromConfig(QuorumPeerMain.java:203)
at org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:123)
at org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:82)
Caused by: javax.security.auth.login.LoginException: SASL-authentication failed because the specified JAAS configuration section 'QuorumServer' could not be found.
at org.apache.zookeeper.server.quorum.auth.SaslQuorumAuthServer.<init>(SaslQuorumAuthServer.java:59)

4,450 Views
0 Kudos
2 REPLIES 2

avatar
author-rank Shelton
Master Mentor

Created ‎10-15-2019 11:56 AM

@Vij 

 

Can you share your share your zookeeper_client_jaas.conf and zookeeper_jaas.conf they should be look like below

zookeeper_client_jaas.conf

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true;
};

zookeeper_jaas.conf

Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/etc/security/keytabs/zk.service.keytab"
principal="zookeeper/<host>@[REALM]";
};

 

Please compare and let me know 

 

4,433 Views
0 Kudos

avatar
author-rank Vij
New Contributor

Created ‎10-16-2019 12:38 AM

@Shelton  Thank you for your response but as of now first i am testing between server to server authentication and this is how my JAAS files looks like which i refereed from this wiki 

 

https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication

 

 

QuorumServer {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="<keytab path>"
storeKey=true
useTicketCache=false
debug=false
principal="<principal>/_HOST@[REALM]";
};

QuorumLearner {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="<keytab path>"
storeKey=true
useTicketCache=false
debug=false
principal="<principal>/_HOST@[REALM]";
};

 

 

 

4,422 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements