zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Han <h...@apache.org>
Subject Re: Getting Authentication Not valid while running reconfig Command
Date Wed, 07 Nov 2018 00:15:09 GMT
Please check out the reconfig release document for 3.5.3 beta, in
particular section "Access Control":
https://zookeeper.apache.org/doc/r3.5.3-beta/zookeeperReconfig.html

*"The dynamic configuration is stored in a special znode
ZooDefs.CONFIG_NODE = /zookeeper/config. This node by default is read only
for all users, except super user and users that's explicitly configured for
write access.*

*Clients that need to use reconfig commands or reconfig API should be
configured as users that have write access to CONFIG_NODE. By default, only
the super user has full control including write access to CONFIG_NODE.
Additional users can be granted write access through superuser by setting
an ACL that has write permission associated with specified user.*
*A few examples of how to setup ACLs and use reconfiguration API with
authentication can be found in ReconfigExceptionTest.java and
TestReconfigServer.cc."*

This is the recommended approach. The "skipACL" approach is not recommended
to use from a security perspective unless you don't care about access
control and also running ensembles in a trusted environment.

On Wed, Oct 31, 2018 at 12:00 PM bmugs <mugdhabondre9193@gmail.com> wrote:

> Hi,
>
> We were also facing the same issue, this is how we resolved it:
>
> Before starting the ZK server, add the following to zkServer.sh -
> "-Dzookeeper.skipACL=yes"
>
> This will skip the ACL authentication and you will be able to use reconfig
> command.
> Albeit this comes with a risk as you removes all authentication.
>
> Hope this helps!
>
>
>
>
> --
> Sent from: http://zookeeper-user.578899.n2.nabble.com/
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message