zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Javier Delgadillo <jdelgadi...@esri.com>
Subject digest authentication with a Quorum
Date Fri, 05 Sep 2014 20:08:34 GMT
I'm experimenting with authentication in ZooKeeper.  I've used the Eclipse ZooKeeper Explorer
to connect to the locally running ZooKeeper instance.  What I've observed is that when I configure
ZooKeeper in stand-alone mode, I have to enter authentication information to connect with
ZooKeeper explorer.  But if I configure a quorum (of one or more instances), the authentication
configuration has no effect-meaning I can connect with ZooKeeper explorer and create/update/delete
nodes without having to enter any authentication credentials.

Am I missing something?  Is there something else I need to do to get the authentication working
when a quorum is configured?

I'm running ZooKeeper 3.4.5 on Windows 8 with JDK 7 (build 55)

Here's the ZooKeeper configuration:
# The number of milliseconds of each tick
tickTime=2000
# The number of ticks that the initial
# synchronization phase can take
initLimit=10
# The number of ticks that can pass between
# sending a request and getting an acknowledgement
syncLimit=5
# the directory where the snapshot is stored.
# do not use /tmp for storage, /tmp here is just
# example sakes.
dataDir=E: /zookeeper/zookeeper-3.4.5/data
# the port at which the clients will connect
clientPort=2181

server.1=hostname\:2888\:3888

authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl

# renew server-side ticket once an hour. 1000*60*60 = 3600000 milliseconds
jaasLoginRenew=3600000

#
# Be sure to read the maintenance section of the
# administrator guide before turning on autopurge.
#
# http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenance
#
# The number of snapshots to retain in dataDir
autopurge.snapRetainCount=1
# Purge task interval in hours
# Set to "0" to disable auto purge feature
autopurge.purgeInterval=1


I create the myid file in <dataDir>  and created the file java.env with this line:
SERVER_JVMFLAGS="-Djava.security.auth.login.config=../conf/jaas.conf"

jaas.conf:
Server {
       org.apache.zookeeper.server.auth.DigestLoginModule required
       user_super="adminsecret"
       user_bob="bobsecret";
};

---
Javier Delgadillo
GeoEvent Extension
http://www.esri.com/


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message