[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15159078#comment-15159078
 ] 

Chao Sun commented on ZOOKEEPER-2370:
-------------------------------------

Actually I did that. I have a {{jaas.conf}} with the following content:

{code}
Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/tmp/my.keytab"
  storeKey=true
  useTicketCache=false
  principal="me/[email protected]";
};
{code}

and then I set the CLIENT_JVMFLAGS to 
"-Djava.security.auth.login.config=/tmp/jaas.conf", and did {{kinit}} with the 
keytab:

{code}
kinit -k -t my.keytab me/[email protected]
{code}

And, when the client is started, I see the following message:

{code}
2016-02-23 07:53:58,965 [myid:] - INFO  [main-SendThread(hostname:2181):ZooKeeperSaslClient$1@252] - Client will use GSSAPI as SASL mechanism.
2016-02-23 07:53:58,973 [myid:] - INFO  [Thread-1:Login@301] - TGT valid starting at:        Tue Feb 23 07:53:58 PST 2016
2016-02-23 07:53:58,973 [myid:] - INFO  [Thread-1:Login@302] - TGT expires:                  Thu Mar 24 08:53:58 PDT 2016
2016-02-23 07:53:58,973 [myid:] - INFO  [Thread-1:Login$1@181] - TGT refresh sleeping until: Sat Mar 19 03:50:26 PDT 2016
{code}

Doesn't this indicate the client is already authenticated?


> Can't access Znodes after adding ACL with SASL
> ----------------------------------------------
>
>                 Key: ZOOKEEPER-2370
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2370
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client
>    Affects Versions: 3.4.5
>            Reporter: Chao Sun
>
> (My apology if this is not a bug.)
> I'm trying to use a ZK client which has successfully authenticated with a 
> secure ZK server using principal {{me/[email protected]}}. However, the 
> following simple commands failed:
> {code}
> [zk: hostname(CONNECTED) 0] create /zk-test "1"
> Created /zk-test
> [zk: hostname(CONNECTED) 1] setAcl /zk-test sasl:me/[email protected]:cdrwa
> cZxid = 0x3e3b
> ctime = Mon Feb 22 23:10:36 PST 2016
> mZxid = 0x3e3b
> mtime = Mon Feb 22 23:10:36 PST 2016
> pZxid = 0x3e3b
> cversion = 0
> dataVersion = 0
> aclVersion = 1
> ephemeralOwner = 0x0
> dataLength = 3
> numChildren = 0
> [zk: hostname(CONNECTED) 2] getAcl /zk-test
> 'sasl,'me/[email protected]
> : cdrwa
> [zk: hostname(CONNECTED) 3] ls /zk-test
> Authentication is not valid : /zk-test
> [zk: hostname(CONNECTED) 4] create /zk-test/c "2"
> Authentication is not valid : /zk-test/c
> {code}
> I wonder what I did wrong here, or is this behavior intentional? How can I 
> delete the znodes? Thanks.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
