<h2 id="heading-issue">Issue</h2>
<p>Zookeeper failed to starting up with these error message:</p>
<pre><code class="lang-bash">2023-12-04 10:23:26,701 ERROR org.apache.zookeeper.server.ZooKeeperServerMain: Unexpected exception, exiting abnormally
java.io.IOException: Could not configure server because SASL configuration did not allow the  ZooKeeper server to authenticate itself properly: javax.security.auth.login.LoginException: Client not found <span class="hljs-keyword">in</span> Kerberos database (6)
        at org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:243)
        at org.apache.zookeeper.server.NIOServerCnxnFactory.configure(NIOServerCnxnFactory.java:646)
        at org.apache.zookeeper.server.ZooKeeperServerMain.runFromConfig(ZooKeeperServerMain.java:152)
        at org.apache.zookeeper.server.ZooKeeperServerMain.initializeAndRun(ZooKeeperServerMain.java:109)
        at org.apache.zookeeper.server.ZooKeeperServerMain.main(ZooKeeperServerMain.java:67)
        at org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:130)
        at org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:84)
</code></pre>
<h2 id="heading-cause">Cause</h2>
<p>I see zookeeper.keytab is contain only RC4-HMAC encryption. In RHEL8 that weak encryption is disabled. User need to explicitly define it when needed.</p>
<h2 id="heading-resolution">Resolution</h2>
<p>Add <code>allow_weak_crypto = true</code> in <code>/etc/krb5.conf</code></p>


## Issue

Zookeeper failed to starting up with these error message:

```bash
2023-12-04 10:23:26,701 ERROR org.apache.zookeeper.server.ZooKeeperServerMain: Unexpected exception, exiting abnormally
java.io.IOException: Could not configure server because SASL configuration did not allow the  ZooKeeper server to authenticate itself properly: javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
        at org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:243)
        at org.apache.zookeeper.server.NIOServerCnxnFactory.configure(NIOServerCnxnFactory.java:646)
        at org.apache.zookeeper.server.ZooKeeperServerMain.runFromConfig(ZooKeeperServerMain.java:152)
        at org.apache.zookeeper.server.ZooKeeperServerMain.initializeAndRun(ZooKeeperServerMain.java:109)
        at org.apache.zookeeper.server.ZooKeeperServerMain.main(ZooKeeperServerMain.java:67)
        at org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:130)
        at org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:84)
```

## Cause

I see zookeeper.keytab is contain only RC4-HMAC encryption. In RHEL8 that weak encryption is disabled. User need to explicitly define it when needed.

## Resolution

Add `allow_weak_crypto = true` in `/etc/krb5.conf`

Could not configure server because SASL configuration did not allow the  ZooKeeper server to authenticate itself properly

Underrated Dev

Underrated Dev

ZooKeeper: Unable to start service

Issue

Cause

Resolution