zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Han <h...@apache.org>
Subject Re: Getting Authentication Not valid while running reconfig Command
Date Wed, 07 Nov 2018 00:15:09 GMT
Please check out the reconfig release document for 3.5.3 beta, in
particular section "Access Control":

*"The dynamic configuration is stored in a special znode
ZooDefs.CONFIG_NODE = /zookeeper/config. This node by default is read only
for all users, except super user and users that's explicitly configured for
write access.*

*Clients that need to use reconfig commands or reconfig API should be
configured as users that have write access to CONFIG_NODE. By default, only
the super user has full control including write access to CONFIG_NODE.
Additional users can be granted write access through superuser by setting
an ACL that has write permission associated with specified user.*
*A few examples of how to setup ACLs and use reconfiguration API with
authentication can be found in ReconfigExceptionTest.java and

This is the recommended approach. The "skipACL" approach is not recommended
to use from a security perspective unless you don't care about access
control and also running ensembles in a trusted environment.

On Wed, Oct 31, 2018 at 12:00 PM bmugs <mugdhabondre9193@gmail.com> wrote:

> Hi,
> We were also facing the same issue, this is how we resolved it:
> Before starting the ZK server, add the following to zkServer.sh -
> "-Dzookeeper.skipACL=yes"
> This will skip the ACL authentication and you will be able to use reconfig
> command.
> Albeit this comes with a risk as you removes all authentication.
> Hope this helps!
> --
> Sent from: http://zookeeper-user.578899.n2.nabble.com/

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message