[
https://issues.apache.org/jira/browse/ZOOKEEPER-2036?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brahma Reddy Battula updated ZOOKEEPER-2036:
--------------------------------------------
Description:
*{color:blue}Scenario:{color}*
Started the secure ZK cluster.
Logged in with the secure ZK client (by passing a valid jaas.conf) and created the Znodes.
Now logged in to the same secure cluster using an unsecure ZKClient (without
jaas.conf) and was able to access the data which was created by the
secured client.
*{color:blue}Secured Client{color}: (which created the Znodes)*
2014-09-15 13:40:56,288 [myid:] - INFO
[main-SendThread(localhost:2181):ZooKeeperSaslClient$1@285] - Client will use
GSSAPI as SASL mechanism.
2014-09-15 13:40:56,296 [myid:] - INFO [Thread-1:Login@301] - TGT valid
starting at: Mon Sep 15 13:40:56 IST 2014
2014-09-15 13:40:56,296 [myid:] - INFO [Thread-1:Login@302] - TGT expires:
Tue Sep 16 13:40:56 IST 2014
2014-09-15 13:40:56,296 [myid:] - INFO [Thread-1:Login$1@181] - TGT refresh
sleeping until: Tue Sep 16 09:36:04 IST 2014
2014-09-15 13:40:56,302 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket
connection to server localhost/0:0:0:0:0:0:0:1:2181. Will attempt to
SASL-authenticate using Login Context section 'Client'
2014-09-15 13:40:56,308 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket connection
established to localhost/0:0:0:0:0:0:0:1:2181, initiating session
2014-09-15 13:40:56,344 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session
establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid =
0x1486856657e0016, negotiated timeout = 30000
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
WATCHER::
WatchedEvent state: *{color:red}SaslAuthenticated{color}* type:None path:null
[zk: localhost:2181(CONNECTED) 1] create -s /tmp-seq 'sd:er:'
Created /tmp-seq0000000003
[zk: localhost:2181(CONNECTED) 2] create -s /tmp-seq 'sd:er:'
Created /tmp-seq0000000004
[zk: localhost:2181(CONNECTED) 0] ls /
[tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002,
zookeeper]
*{color:blue}Unsecured Client{color}: (which is accessing the Znodes)*
Welcome to ZooKeeper!
2014-09-15 13:00:30,440 [myid:] - WARN
[main-SendThread(localhost:2181):ClientCnxn$SendThread@982] - SASL
configuration failed: javax.security.auth.login.LoginException: No JAAS
configuration section named 'Client' was found in specified JAAS configuration
file: '/home/****/zookeeper/conf/jaas.conf'. Will continue connection to
Zookeeper server without SASL authentication, if Zookeeper server allows it.
014-09-15 13:00:30,441 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket
connection to server localhost/127.0.0.1:2181
WatchedEvent state: *{color:red}AuthFailed{color}* type:None path:null
JLine support is enabled
2014-09-15 13:00:30,451 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket connection
established to localhost/127.0.0.1:2181, initiating session
[zk: localhost:2181(CONNECTING) 0] 2014-09-15 13:00:30,488 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session
establishment complete on server localhost/127.0.0.1:2181, sessionid =
0x348685662250005, negotiated timeout = 30000
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
[zk: localhost:2181(CONNECTED) 0] ls /
[tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002,
zookeeper]
[zk: localhost:2181(CONNECTED) 1] get /tmp-seq000000000
tmp-seq0000000004 tmp-seq0000000003 tmp-seq0000000002
[zk: localhost:2181(CONNECTED) 1] get /tmp-seq0000000002
''
cZxid = 0x100000040
ctime = Mon Sep 15 12:51:50 IST 2014
mZxid = 0x100000040
mtime = Mon Sep 15 12:51:50 IST 2014
pZxid = 0x100000040
cversion = 0
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 2
numChildren = 0
was:
*{color:blue}Scenario:{color}*
Started the secure ZK cluster.
Logged in with the secure ZK client (by passing a valid jaas.conf) and created the Znodes.
Now logged in to the same secure cluster using an unsecure ZKClient (without
jaas.conf) and was able to access the data which was created by the
secured client.
*{color:blue}Secured Client{color}: (which created the Znodes)*
2014-09-15 13:40:56,288 [myid:] - INFO
[main-SendThread(localhost:2181):ZooKeeperSaslClient$1@285] - Client will use
GSSAPI as SASL mechanism.
2014-09-15 13:40:56,296 [myid:] - INFO [Thread-1:Login@301] - TGT valid
starting at: Mon Sep 15 13:40:56 IST 2014
2014-09-15 13:40:56,296 [myid:] - INFO [Thread-1:Login@302] - TGT expires:
Tue Sep 16 13:40:56 IST 2014
2014-09-15 13:40:56,296 [myid:] - INFO [Thread-1:Login$1@181] - TGT refresh
sleeping until: Tue Sep 16 09:36:04 IST 2014
2014-09-15 13:40:56,302 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket
connection to server localhost/0:0:0:0:0:0:0:1:2181. Will attempt to
SASL-authenticate using Login Context section 'Client'
2014-09-15 13:40:56,308 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket connection
established to localhost/0:0:0:0:0:0:0:1:2181, initiating session
2014-09-15 13:40:56,344 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session
establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid =
0x1486856657e0016, negotiated timeout = 30000
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
WATCHER::
WatchedEvent state:SaslAuthenticated type:None path:null
[zk: localhost:2181(CONNECTED) 1] create -s /tmp-seq 'sd:er:'
Created /tmp-seq0000000003
[zk: localhost:2181(CONNECTED) 2] create -s /tmp-seq 'sd:er:'
Created /tmp-seq0000000004
[zk: localhost:2181(CONNECTED) 0] ls /
[tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002,
zookeeper]
*{color:blue}Unsecured Client{color}: (which is accessing the Znodes)*
014-09-15 13:00:30,441 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket
connection to server localhost/127.0.0.1:2181
WatchedEvent state:AuthFailed type:None path:null
JLine support is enabled
2014-09-15 13:00:30,451 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket connection
established to localhost/127.0.0.1:2181, initiating session
[zk: localhost:2181(CONNECTING) 0] 2014-09-15 13:00:30,488 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session
establishment complete on server localhost/127.0.0.1:2181, sessionid =
0x348685662250005, negotiated timeout = 30000
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
[zk: localhost:2181(CONNECTED) 0] ls /
[tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002,
zookeeper]
[zk: localhost:2181(CONNECTED) 1] get /tmp-seq000000000
tmp-seq0000000004 tmp-seq0000000003 tmp-seq0000000002
[zk: localhost:2181(CONNECTED) 1] get /tmp-seq0000000002
''
cZxid = 0x100000040
ctime = Mon Sep 15 12:51:50 IST 2014
mZxid = 0x100000040
mtime = Mon Sep 15 12:51:50 IST 2014
pZxid = 0x100000040
cversion = 0
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 2
numChildren = 0
> Client which is not authorized able to access the Secure Data which is
> created by the Secure Client
> ---------------------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-2036
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2036
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
> Affects Versions: 3.4.5
> Reporter: Brahma Reddy Battula
> Priority: Blocker
>
> *{color:blue}Scenario:{color}*
> Started the secure ZK cluster.
> Logged in with the secure ZK client (by passing a valid jaas.conf) and created
> the Znodes.
> Now logged in to the same secure cluster using an unsecure ZKClient (without
> jaas.conf) and was able to access the data which was created by
> the secured client.
> *{color:blue}Secured Client{color}: (which created the Znodes)*
> 2014-09-15 13:40:56,288 [myid:] - INFO
> [main-SendThread(localhost:2181):ZooKeeperSaslClient$1@285] - Client will use
> GSSAPI as SASL mechanism.
> 2014-09-15 13:40:56,296 [myid:] - INFO [Thread-1:Login@301] - TGT valid
> starting at: Mon Sep 15 13:40:56 IST 2014
> 2014-09-15 13:40:56,296 [myid:] - INFO [Thread-1:Login@302] - TGT expires:
> Tue Sep 16 13:40:56 IST 2014
> 2014-09-15 13:40:56,296 [myid:] - INFO [Thread-1:Login$1@181] - TGT refresh
> sleeping until: Tue Sep 16 09:36:04 IST 2014
> 2014-09-15 13:40:56,302 [myid:] - INFO
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket
> connection to server localhost/0:0:0:0:0:0:0:1:2181. Will attempt to
> SASL-authenticate using Login Context section 'Client'
> 2014-09-15 13:40:56,308 [myid:] - INFO
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket
> connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session
> 2014-09-15 13:40:56,344 [myid:] - INFO
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session
> establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid =
> 0x1486856657e0016, negotiated timeout = 30000
> WATCHER::
> WatchedEvent state:SyncConnected type:None path:null
> WATCHER::
> WatchedEvent state: *{color:red}SaslAuthenticated{color}* type:None path:null
> [zk: localhost:2181(CONNECTED) 1] create -s /tmp-seq 'sd:er:'
> Created /tmp-seq0000000003
> [zk: localhost:2181(CONNECTED) 2] create -s /tmp-seq 'sd:er:'
> Created /tmp-seq0000000004
> [zk: localhost:2181(CONNECTED) 0] ls /
> [tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002,
> zookeeper]
> *{color:blue}Unsecured Client{color}: (which is accessing the Znodes)*
> Welcome to ZooKeeper!
> 2014-09-15 13:00:30,440 [myid:] - WARN
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@982] - SASL
> configuration failed: javax.security.auth.login.LoginException: No JAAS
> configuration section named 'Client' was found in specified JAAS
> configuration file: '/home/****/zookeeper/conf/jaas.conf'. Will continue
> connection to Zookeeper server without SASL authentication, if Zookeeper
> server allows it.
> 014-09-15 13:00:30,441 [myid:] - INFO
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket
> connection to server localhost/127.0.0.1:2181
> WatchedEvent state: *{color:red}AuthFailed{color}* type:None path:null
> JLine support is enabled
> 2014-09-15 13:00:30,451 [myid:] - INFO
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket
> connection established to localhost/127.0.0.1:2181, initiating session
> [zk: localhost:2181(CONNECTING) 0] 2014-09-15 13:00:30,488 [myid:] - INFO
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session
> establishment complete on server localhost/127.0.0.1:2181, sessionid =
> 0x348685662250005, negotiated timeout = 30000
> WATCHER::
> WatchedEvent state:SyncConnected type:None path:null
> [zk: localhost:2181(CONNECTED) 0] ls /
> [tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002,
> zookeeper]
> [zk: localhost:2181(CONNECTED) 1] get /tmp-seq000000000
> tmp-seq0000000004 tmp-seq0000000003 tmp-seq0000000002
> [zk: localhost:2181(CONNECTED) 1] get /tmp-seq0000000002
> ''
> cZxid = 0x100000040
> ctime = Mon Sep 15 12:51:50 IST 2014
> mZxid = 0x100000040
> mtime = Mon Sep 15 12:51:50 IST 2014
> pZxid = 0x100000040
> cversion = 0
> dataVersion = 0
> aclVersion = 0
> ephemeralOwner = 0x0
> dataLength = 2
> numChildren = 0
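A detection sketch for the fallback visible in the unsecured client's log, added here as an example and not part of the original report or of ZooKeeper: it flags sessions established on a connection that never announced a SASL attempt. The function name and the heuristic (no "Will attempt to SASL-authenticate" in the "Opening socket connection" record) are assumptions drawn from the two client logs above.

```python
import re

# A record starts at a log4j timestamp followed by ZooKeeper's "[myid:...]"
# field. Splitting there re-joins wrapped lines and copes with a record that
# starts mid-line after a zkCli prompt.
RECORD_START = re.compile(r"(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} \[myid:)")
RECORD = re.compile(r"(?P<ts>\S+ \S+) \[myid:\d*\] - (?P<level>\w+) "
                    r"\[(?P<thread>.+?):[\w$.]+@\d+\] - (?P<msg>.*)")
SESSION = re.compile(r"Session establishment complete on server (\S+), "
                     r"sessionid = (0x[0-9a-f]+)")

def unauthenticated_sessions(log_text):
    """Return sessions that were established without a SASL attempt."""
    sasl_attempted, findings = {}, []
    for chunk in RECORD_START.split(log_text):
        m = RECORD.match(" ".join(chunk.split()))
        if not m:
            continue  # banner or prompt text before the first record
        thread, msg = m["thread"], m["msg"]
        if msg.startswith("Opening socket connection"):
            # Heuristic (assumption): in the report, only the authenticated
            # client logs "Will attempt to SASL-authenticate" here.
            sasl_attempted[thread] = "Will attempt to SASL-authenticate" in msg
        elif (s := SESSION.search(msg)) and not sasl_attempted.get(thread, False):
            findings.append({"time": m["ts"], "server": s[1], "sessionid": s[2]})
    return findings

# Constructed sample: records copied from the two client logs in the report,
# secured client first, left wrapped as they appear there.
SAMPLE_LOG = """\
2014-09-15 13:40:56,302 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket
connection to server localhost/0:0:0:0:0:0:0:1:2181. Will attempt to
SASL-authenticate using Login Context section 'Client'
2014-09-15 13:40:56,344 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session
establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid =
0x1486856657e0016, negotiated timeout = 30000
2014-09-15 13:00:30,441 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket
connection to server localhost/127.0.0.1:2181
[zk: localhost:2181(CONNECTING) 0] 2014-09-15 13:00:30,488 [myid:] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session
establishment complete on server localhost/127.0.0.1:2181, sessionid =
0x348685662250005, negotiated timeout = 30000
"""
```

A session whose "Opening socket connection" record is missing or unparseable is reported as well, so a damaged log errs toward flagging.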