Return-Path: X-Original-To: apmail-zookeeper-user-archive@www.apache.org Delivered-To: apmail-zookeeper-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6EE7911EC2 for ; Fri, 5 Sep 2014 20:11:16 +0000 (UTC) Received: (qmail 29274 invoked by uid 500); 5 Sep 2014 20:11:16 -0000 Delivered-To: apmail-zookeeper-user-archive@zookeeper.apache.org Received: (qmail 29220 invoked by uid 500); 5 Sep 2014 20:11:15 -0000 Mailing-List: contact user-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@zookeeper.apache.org Delivered-To: mailing list user@zookeeper.apache.org Delivered-To: moderator for user@zookeeper.apache.org Received: (qmail 20682 invoked by uid 99); 5 Sep 2014 20:09:00 -0000 X-ASF-Spam-Status: No, hits=-0.1 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) From: Javier Delgadillo To: "user@zookeeper.apache.org" Subject: digest authentication with a Quorum Thread-Topic: digest authentication with a Quorum Thread-Index: Ac/JQ/h/6ZXCXR5IQBeOEtpwLq+YTg== Date: Fri, 5 Sep 2014 20:08:34 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.50.254.250] Content-Type: multipart/alternative; boundary="_000_B64096BBC452D945B7C090404429722E80D8C18DREDINFEXMBP1esr_" MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org --_000_B64096BBC452D945B7C090404429722E80D8C18DREDINFEXMBP1esr_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I'm experimenting with authentication in ZooKeeper. I've used the Eclipse = ZooKeeper Explorer to connect to the locally running ZooKeeper instance. W= hat I've observed is that when I configure ZooKeeper in stand-alone mode, I= have to enter authentication information to connect with ZooKeeper explore= r. But if I configure a quorum (of one or more instances), the authenticat= ion configuration has no effect-meaning I can connect with ZooKeeper explor= er and create/update/delete nodes without having to enter any authenticatio= n credentials. Am I missing something? Is there something else I need to do to get the au= thentication working when a quorum is configured? I'm running ZooKeeper 3.4.5 on Windows 8 with JDK 7 (build 55) Here's the ZooKeeper configuration: # The number of milliseconds of each tick tickTime=3D2000 # The number of ticks that the initial # synchronization phase can take initLimit=3D10 # The number of ticks that can pass between # sending a request and getting an acknowledgement syncLimit=3D5 # the directory where the snapshot is stored. # do not use /tmp for storage, /tmp here is just # example sakes. dataDir=3DE: /zookeeper/zookeeper-3.4.5/data # the port at which the clients will connect clientPort=3D2181 server.1=3Dhostname\:2888\:3888 authProvider.1=3Dorg.apache.zookeeper.server.auth.SASLAuthenticationProvide= r requireClientAuthScheme=3Dsasl # renew server-side ticket once an hour. 1000*60*60 =3D 3600000 millisecond= s jaasLoginRenew=3D3600000 # # Be sure to read the maintenance section of the # administrator guide before turning on autopurge. # # http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenanc= e # # The number of snapshots to retain in dataDir autopurge.snapRetainCount=3D1 # Purge task interval in hours # Set to "0" to disable auto purge feature autopurge.purgeInterval=3D1 I create the myid file in and created the file java.env with thi= s line: SERVER_JVMFLAGS=3D"-Djava.security.auth.login.config=3D../conf/jaas.conf" jaas.conf: Server { org.apache.zookeeper.server.auth.DigestLoginModule required user_super=3D"adminsecret" user_bob=3D"bobsecret"; }; --- Javier Delgadillo GeoEvent Extension http://www.esri.com/ --_000_B64096BBC452D945B7C090404429722E80D8C18DREDINFEXMBP1esr_--