Configuring Apache ZooKeeper for Kerberos authentication
- Last Updated: September 26, 2018
- 1 minute read
- DataDirect Connectors
- JDBC
- Apache Hive 6.0
- Documentation
The driver supports Kerberos authentication for Apache ZooKeeper.
Configuring Kerberos for Apache ZooKeeper requires an entry in the JAAS login configuration file using the format described in this section. The rest of the process is the same as described in the following section: "Configuring the driver for Kerberos authentication."
To configure Apache ZooKeeper for Kerberos authentication, in the
JAAS login configuration file (JDBCDriverLogin.conf), add the following entry:
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="KeyTabFilePath"
principal="ServicePrincipalName";
};
where:
- KeyTabFilePath
- is the file path of the keytab file that contains service principal name.
- ServicePrincipalName
- is the three-part service principal name registered with the Key Distribution Center (KDC). It takes the following form:
Note:
Client is the default context
key. If you want to use a different context key in its place, you must set it in the
JDBC application using the zookeeper.sasl.clientconfig Java system property. The following example shows how to configure Apache ZooKeeper for Kerberos authentication.
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/etc/security/keytabs/zk.service.keytab"
principal="zookeeper/zookeeper123.xyz.com@XYZ.COM";
};