great! :)
On Wed, Jan 15, 2020 at 6:38 PM Arpit Jain wrote:
> I managed to create ACL with authenticated client principal using below
> lines of code in client:
>
> curator
> .create().creatingParentContainersIfNeeded().withACL(ZooDefs.Ids.
> CREATOR_ALL_ACL).forPath("/mynode");
>
>
I managed to create ACL with authenticated client principal using below
lines of code in client:
curator
.create().creatingParentContainersIfNeeded().withACL(ZooDefs.Ids.
CREATOR_ALL_ACL).forPath("/mynode");
ZooDefs.Ids.CREATOR_ALL_ACL gives permissions to the client which is
Yes, they are system properties
You can take this guide (about Kafka) as example
https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_gssapi.html
Il giorno 15/01/20, 13:17 "Arpit Jain" ha scritto:
I have not passed those parameters. Is this something I need to
I have asked in Curator mailing list as well but not much help. I am able
to set ACL with sasl scheme by using zkCli.sh client in Zookeeper server.
The idea is to use Curator to set the ACLs so that only my client
application can access its Znodes.
On Wed, Jan 15, 2020 at 9:21 AM Szalay-Bekő
I am not sure what is wrong with the code... I am not familiar with
Curator. I can try to google / reproduce this and see what is wrong, but it
will take a while for me. So first I would ask the others, maybe there is
someone who knows both ZooKeeper SASL and Curator and can help you more in
this
Thanks for the clarification.
I am able to authenticate client with Zookeeper. However, when I started to
set ACLs with the same client, I get error messages. This is how I am
creating curator client for setting ACLs
CuratorFrameworkFactory.Builder builder =
The system property name is a bit misleading... this parameter is actually
specifies the username used in the ZooKeeper server principal. (in your
case the server principal is: zookeeper/z...@example.com)
AFAIK the ZooKeeper client (after authenticated as zkclient/z...@example.com
in Kerberos
You are using 3.5.5 or 3.5.6, right?
I think you need to specify: -Dzookeeper.sasl.client.username=zookeeper
can you give it a try? If it doesn't work then I can take a deeper look
(also we can enable some debug logging)
On Mon, Jan 13, 2020 at 5:31 PM Arpit Jain wrote:
> Hi
>
> I have
Also please note, that the 'Configuration.getConfiguration().refresh()'
will reload only the jaas.config.
If you also need to reload the kerberos client config, then you can add the
"refreshKrb5Config=true" line to your jaas.conf file. This will trigger to
reload the krb.cfg file as well if
Hi Enrico,
> There is a method to force JAAS to reload the system property.
>
> Something like Configuration.getConfiguration().refresh()
Great to know! Thanks!
> You have to call that method after changing the system property
Cheers, -D
> Il gio 9 gen 2020, 20:05 Damien Diederen ha
>
There is a method to force JAAS to reload the system property.
Something like Configuration.getConfiguration().refresh()
You have to call that method after changing the system property
Hope that helps
Enrico
Il gio 9 gen 2020, 20:05 Damien Diederen ha
scritto:
>
> Hi Arpit, Máté,
>
> Arpit
Hi Arpit, Máté,
Arpit wrote:
> The solution is to pass JAAS file
> with -Djava.security.auth.login.config=/path/to/jaas.conf.
Okay—good.
> Using System.setProperty does not work for me.
Ah, I see. And I'm not surprised; I think Máté is on the right track:
>> I also faced this exception
The solution is to pass JAAS file
with -Djava.security.auth.login.config=/path/to/jaas.conf. Using
System.setProperty does not work for me.
On Thu, Jan 9, 2020 at 3:49 PM Szalay-Bekő Máté
wrote:
> I also faced this exception not long ago. I think it is an edge case, most
> probably you have
I also faced this exception not long ago. I think it is an edge case, most
probably you have something else, but still... maybe it helps:
I tried to write a unit test which dynamically generated multiple jaas.conf
files. Then I was setting the java.security.auth.login.config system
property to
Hi Arpit,
> I am trying to do SASL authentication between ZK and curator. […]
Okay.
> I am also setting -Dzookeeper.sasl.clientconfig="Client" system
> variable.
Looking at my deployments, I am specifying the location of the
configuration file using another system property:
Hi,
I am trying to do SASL authentication between ZK and curator. Principal for
curator is added in Kerberos server. While starting up curator, I see below
message in logs even though JAAS file has "Client" section. I am also
setting -Dzookeeper.sasl.clientconfig="Client" system variable.
16 matches
Mail list logo