diff --git a/dev-support/ranger-docker/docker-compose.ranger.yml b/dev-support/ranger-docker/docker-compose.ranger.yml index 6f9fd13907..5f86c00ca7 100644 --- a/dev-support/ranger-docker/docker-compose.ranger.yml +++ b/dev-support/ranger-docker/docker-compose.ranger.yml @@ -78,6 +78,13 @@ services: image: ranger-zk container_name: ranger-zk hostname: ranger-zk.rangernw + volumes: + - ./dist/keytabs/ranger-zk:/etc/keytabs + - ./scripts/wait_for_keytab.sh:/etc/wait_for_keytab.sh + - ./scripts/kdc/krb5.conf:/etc/krb5.conf:ro + - ./scripts/zk/jaas.conf:/etc/zookeeper/jaas.conf + - ./scripts/zk/zookeeper-with-kerberos.sh:/zookeeper-with-kerberos.sh:ro + entrypoint: [ "/bin/bash", "/zookeeper-with-kerberos.sh" ] networks: - ranger ports: diff --git a/dev-support/ranger-docker/scripts/kdc/entrypoint.sh b/dev-support/ranger-docker/scripts/kdc/entrypoint.sh index 2c724bd893..b0ad1277a9 100644 --- a/dev-support/ranger-docker/scripts/kdc/entrypoint.sh +++ b/dev-support/ranger-docker/scripts/kdc/entrypoint.sh @@ -98,6 +98,8 @@ function create_keytabs() { create_principal_and_keytab knox ranger-knox create_principal_and_keytab HTTP ranger-solr + + create_principal_and_keytab zookeeper ranger-zk } function create_testusers() { diff --git a/dev-support/ranger-docker/scripts/zk/jaas.conf b/dev-support/ranger-docker/scripts/zk/jaas.conf new file mode 100644 index 0000000000..253d54f72f --- /dev/null +++ b/dev-support/ranger-docker/scripts/zk/jaas.conf @@ -0,0 +1,8 @@ +Server { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + keyTab="/etc/keytabs/zookeeper.keytab" + storeKey=true + useTicketCache=false + principal="zookeeper/ranger-zk.rangernw@EXAMPLE.COM"; +}; diff --git a/dev-support/ranger-docker/scripts/zk/zookeeper-with-kerberos.sh b/dev-support/ranger-docker/scripts/zk/zookeeper-with-kerberos.sh new file mode 100644 index 0000000000..33869b661b --- /dev/null +++ b/dev-support/ranger-docker/scripts/zk/zookeeper-with-kerberos.sh 
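Review bot: In the `ranger-zk` volumes list of `docker-compose.ranger.yml`, the keytab directory, `wait_for_keytab.sh` and `jaas.conf` are bind-mounted read-write, while `krb5.conf` and the entrypoint script in the same list carry `:ro`. The ZooKeeper container appears only to read these, so a process inside it should not be able to rewrite the host-side keytab or the script run at start. Suggest `- ./dist/keytabs/ranger-zk:/etc/keytabs:ro`, `- ./scripts/wait_for_keytab.sh:/etc/wait_for_keytab.sh:ro` and `- ./scripts/zk/jaas.conf:/etc/zookeeper/jaas.conf:ro`. This assumes `wait_for_keytab.sh`, which is not shown, writes nothing under `/etc/keytabs`. The service definition continues outside the hunk, so it cannot be checked from here whether `KERBEROS_ENABLED`, which the new entrypoint keys on, is passed to the container.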
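Review bot: In `scripts/zk/jaas.conf`, `principal` hard-codes the host `ranger-zk.rangernw` and the realm `EXAMPLE.COM`, and `keyTab` hard-codes `/etc/keytabs/zookeeper.keytab`, with nothing in the file saying what they must agree with. They are coupled to the `hostname:` and keytab mount of the `ranger-zk` service in `docker-compose.ranger.yml`. They presumably also depend on what `create_principal_and_keytab zookeeper ranger-zk` generates in the KDC entrypoint, though that function's body is not shown. A leading comment such as `// principal and keyTab must match the ranger-zk hostname/volumes in docker-compose.ranger.yml and the realm in krb5.conf` would make a later rename easier to debug. The new shell script in this commit carries the ASF licence header and this file does not; add it as a `/* ... */` block if the project's licence check covers this file.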
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+if [ "${KERBEROS_ENABLED}" = "true" ]; then
+ /etc/wait_for_keytab.sh zookeeper.keytab
+
+ export ZOO_CFG_EXTRA="authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider requireClientAuthScheme=sasl"
+ export SERVER_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/jaas.conf -Dzookeeper.sasl.client=false ${SERVER_JVMFLAGS}"
+fi
+
+/docker-entrypoint.sh zkServer.sh start-foreground
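Review bot: `requireClientAuthScheme=sasl` in the `ZOO_CFG_EXTRA` export probably does not make the server refuse unauthenticated sessions, so with `KERBEROS_ENABLED=true` a client that never performs SASL could still connect and use any znode whose ACL permits `world:anyone`. As far as I know, the setting that enforces this on ZooKeeper 3.6.0 and later is `sessionRequireClientSASLAuth=true`. The version in the `ranger-zk` image is not visible here, so confirm it before extending the string to `... requireClientAuthScheme=sasl sessionRequireClientSASLAuth=true"`. If `/docker-entrypoint.sh` behaves like the official ZooKeeper image's, `ZOO_CFG_EXTRA` is only applied when `zoo.cfg` is generated, so the entries would be skipped whenever a config file already exists in the container. As a smaller point, the last line could be `exec /docker-entrypoint.sh zkServer.sh start-foreground`, so the server replaces the wrapper shell and receives the stop signal directly.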