Use Digest Authentication Provider in ZooKeeper

Cloudera recommends to override the default SHA1 algorithm and use a more secure one when using the Digest Authentication Provider in ZooKeeper.

When using the Digest Authentication Provider in ZooKeeper, for example for specifying SuperUser, it is recommended to override the default SHA1 algorithm and use a more secure one, such as SHA3-384 or SHA3-512. This is mandatory for FIPS compliant clusters.

  1. In Cloudera Manager, select the ZooKeeper service.
  2. Click the Configuration tab.
  3. Find the Java Configuration Options for ZooKeeper Server.
  4. Add the following configuration:
    -Dzookeeper.DigestAuthenticationProvider.digestAlg=[***ALGORITHM***]
    For example:
    -Dzookeeper.DigestAuthenticationProvider.digestAlg=SHA3-512