Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

ZooKeeper kerberos Server Authentication issue

Labels:
avatar
author-rank Vij
New Contributor

Created on ‎10-15-2019 07:55 AM - last edited on ‎10-15-2019 09:14 AM by Community Manager Community Manager

getting this exception while brining up the Zkservers

 

ERROR 2019-10-15 10:31:44,851 [main] QuorumPeerMain - Unexpected exception, exiting abnormally
javax.security.sasl.SaslException: Failed to initialize authentication mechanism using SASL [Caused by javax.security.auth.login.LoginException: SASL-authentication failed because the specified JAAS configuration section 'QuorumServer' could not be found.]
at org.apache.zookeeper.server.quorum.auth.SaslQuorumAuthServer.<init>(SaslQuorumAuthServer.java:68)
at org.apache.zookeeper.server.quorum.QuorumPeer.initialize(QuorumPeer.java:886)
at org.apache.zookeeper.server.quorum.QuorumPeerMain.runFromConfig(QuorumPeerMain.java:203)
at org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:123)
at org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:82)
Caused by: javax.security.auth.login.LoginException: SASL-authentication failed because the specified JAAS configuration section 'QuorumServer' could not be found.
at org.apache.zookeeper.server.quorum.auth.SaslQuorumAuthServer.<init>(SaslQuorumAuthServer.java:59)

3,962 Views
0 Kudos
2 REPLIES 2

avatar
author-rank Shelton
Master Mentor

Created ‎10-15-2019 11:56 AM

@Vij 

 

Can you share your share your zookeeper_client_jaas.conf and zookeeper_jaas.conf they should be look like below

zookeeper_client_jaas.conf

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true;
};

zookeeper_jaas.conf

Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/etc/security/keytabs/zk.service.keytab"
principal="zookeeper/<host>@[REALM]";
};

 

Please compare and let me know 

 

3,945 Views
0 Kudos

avatar
author-rank Vij
New Contributor

Created ‎10-16-2019 12:38 AM

@Shelton  Thank you for your response but as of now first i am testing between server to server authentication and this is how my JAAS files looks like which i refereed from this wiki 

 

https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication

 

 

QuorumServer {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="<keytab path>"
storeKey=true
useTicketCache=false
debug=false
principal="<principal>/_HOST@[REALM]";
};

QuorumLearner {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="<keytab path>"
storeKey=true
useTicketCache=false
debug=false
principal="<principal>/_HOST@[REALM]";
};

 

 

 

3,934 Views
0 Kudos
webinar banner
Announcements
What's New @ Cloudera
Cloudera Operational Database (COD) supports instance group ...
What's New @ Cloudera
Cloudera Operational Database (COD) has updated the instanc...
What's New @ Cloudera
Cloudera Operational Database (COD) supports configuring roo...
What's New @ Cloudera
Cloudera Operational Database (COD) has updated the HDFS ins...
Product Announcements
[ANNOUNCE] CDP Private Cloud Base 7.1.7 Service Pack 3 Relea...
View More Announcements
meetups banner