Xin Chen created ZOOKEEPER-4885:
-----------------------------------
Summary: Can Non-SASL-Clients automatically recover with the
recovery of kerberos communication?
Key: ZOOKEEPER-4885
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4885
Project: ZooKeeper
Issue Type: Improvement
Affects Versions: 3.9.3, 3.6.4
Reporter: Xin Chen
About ZOOKEEPER-2139, it just avoids ZooKeeper clients into infinite
AuthFailedException. NoauthException still exists!
LoginException was thrown through each login, but at this point, a zkclient
without Kerberos SASL authentication was created. Non SASL Znodes can be
operated on in the future. However, when Kerberos recovers from network
disconnections and other anomalies, the previously created zkclient without
SASL authentication is still being used without rebuilding the login or
recreating a saslclient. If it is used to operate on ACL Znodes at this time,
an error will always be reported:
{code:java}
KeeperErrorCode = NoAuth for /zookeeper
or
KeeperErrorCode = AuthFailed for /zookeeper
or
KeeperErrorCode = InvalidACL for /zookeeper{code}
Isn't this a question that should be considered? And I also met this issue in
ZK-3.6.4,It seems that this issue has not been considered in the updated
version.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
