[jira] [Resolved] (ZOOKEEPER-2036) Client which is not authorized able to access the Secure Data which is created by the Secure Client

Tue, 28 Oct 2014 06:26:26 -0700 

     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2036?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rakesh R resolved ZOOKEEPER-2036.
---------------------------------
    Resolution: Not a Problem

I'm marking this as 'not a problem' because this will work fine if sets the ACL 
properly. Please reopen if anyone differs with me.

> Client which is not authorized able to access the Secure Data which is 
> created by the Secure Client
> ---------------------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2036
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2036
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.4.5
>            Reporter: Brahma Reddy Battula
>            Priority: Blocker
>
>  *{color:blue}Scenario:{color}* 
> Started the Secure ZK Cluster.
> Logged with Secure ZK Client(by passing valid jaas.conf) and created the 
> Znodes
> Now logged in to same secure cluster using unsecure ZKClient (without 
> jaas.conf) to same Cluster and able to access the data which is created by 
> the Secured Client..
>  *{color:blue}Secured Client{color}:(which is created the Znodes)* 
> 2014-09-15 13:40:56,288 [myid:] - INFO  
> [main-SendThread(localhost:2181):ZooKeeperSaslClient$1@285] - Client will use 
> GSSAPI as SASL mechanism.
> 2014-09-15 13:40:56,296 [myid:] - INFO  [Thread-1:Login@301] - TGT valid 
> starting at:        Mon Sep 15 13:40:56 IST 2014
> 2014-09-15 13:40:56,296 [myid:] - INFO  [Thread-1:Login@302] - TGT expires:   
>                Tue Sep 16 13:40:56 IST 2014
> 2014-09-15 13:40:56,296 [myid:] - INFO  [Thread-1:Login$1@181] - TGT refresh 
> sleeping until: Tue Sep 16 09:36:04 IST 2014
> 2014-09-15 13:40:56,302 [myid:] - INFO  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket 
> connection to server localhost/0:0:0:0:0:0:0:1:2181. Will attempt to 
> SASL-authenticate using Login Context section 'Client'
> 2014-09-15 13:40:56,308 [myid:] - INFO  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket 
> connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session
> 2014-09-15 13:40:56,344 [myid:] - INFO  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session 
> establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 
> 0x1486856657e0016, negotiated timeout = 30000
> WATCHER::
> WatchedEvent state:SyncConnected type:None path:null
> WATCHER::
> WatchedEvent state: *{color:red}SaslAuthenticated{color}*  type:None path:null
> [zk: localhost:2181(CONNECTED) 1] create -s /tmp-seq 'sd:er:'
> Created /tmp-seq0000000003
> [zk: localhost:2181(CONNECTED) 2] create -s /tmp-seq 'sd:er:'
> Created /tmp-seq0000000004
> [zk: localhost:2181(CONNECTED) 0] ls /
> [tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002, 
> zookeeper]
>  *{color:blue}UnSecured Client{color}:(which is Accesing Znodes)* 
> Welcome to ZooKeeper!
> 2014-09-15 13:00:30,440 [myid:] - WARN  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@982] - SASL 
> configuration failed: javax.security.auth.login.LoginException: No JAAS 
> configuration section named 'Client' was found in specified JAAS 
> configuration file: '/home/****/zookeeper/conf/jaas.conf'. Will continue 
> connection to Zookeeper server without SASL authentication, if Zookeeper 
> server allows it.
> 014-09-15 13:00:30,441 [myid:] - INFO  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket 
> connection to server localhost/127.0.0.1:2181
>  WatchedEvent state: *{color:red}AuthFailed{color}*  type:None path:null
> JLine support is enabled
> 2014-09-15 13:00:30,451 [myid:] - INFO  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket 
> connection established to localhost/127.0.0.1:2181, initiating session
> [zk: localhost:2181(CONNECTING) 0] 2014-09-15 13:00:30,488 [myid:] - INFO  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session 
> establishment complete on server localhost/127.0.0.1:2181, sessionid = 
> 0x348685662250005, negotiated timeout = 30000
> WATCHER::
> WatchedEvent state:SyncConnected type:None path:null
> [zk: localhost:2181(CONNECTED) 0] ls /
> [tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002, 
> zookeeper]
> [zk: localhost:2181(CONNECTED) 1] get /tmp-seq000000000
> tmp-seq0000000004   tmp-seq0000000003   tmp-seq0000000002
> [zk: localhost:2181(CONNECTED) 1] get /tmp-seq0000000002
> ''
> cZxid = 0x100000040
> ctime = Mon Sep 15 12:51:50 IST 2014
> mZxid = 0x100000040
> mtime = Mon Sep 15 12:51:50 IST 2014
> pZxid = 0x100000040
> cversion = 0
> dataVersion = 0
> aclVersion = 0
> ephemeralOwner = 0x0
> dataLength = 2
> numChildren = 0



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to