The docs say to specify it as id => "$username:$password". If I didn't
do add_auth first, how would I be able to specify a digest ACL at all?
It also fails if I move the add_auth until after I've created the node.
I also got the idea to try doing add_auth first and then creating it
with ZOO_CREATOR_ALL_ACL to skip generating the digest myself, but perl
core dumps at the call. Ditto withZOO_READ_ACL_UNSAFE. The only
predefined ACL that doesn't core dump is ZOO_OPEN_ACL_UNSAFE, which
doesn't help me any. So it looks like the perl interface has some issues.
Do you happen to know the syntax to use CREATOR_ALL_ACL with zkCli ? Or
syntax for using digest ACL on create or set_acl with zkCli?
On 1/25/2012 3:30 PM, Patrick Hunt wrote:
I notice this in your perl script:
$acl=[{"perms"=>ZOO_PERM_ALL,"scheme"=>"digest",id=>"user:$digest"}];
have you tried using id=>"user"? I don't think you should be providing
the digest here given you've already add_auth'd
I'd try it but I'm not setup at the moment to compile/run this.
Patrick
On Mon, Jan 23, 2012 at 8:18 PM, Ludwig Pummer
<[email protected]> wrote:
I used the doc's 2 lines of code to generate the digest.
$ perl -MMIME::Base64 -MDigest -e 'print
MIME::Base64::encode(Digest->new("SHA-1")->add("user:pass")->digest());'
smGaoVKd/cQkjm7b88GyorAUz20=
That matches the output below, but it makes sense since I *set* that? What
other digest value is there to compare it to?
I have no way to see what is the digest generated by ZooKeeper on addauth,
do I?
What's the digest acl syntax in zkCLI?
On 1/23/2012 12:49 PM, Patrick Hunt wrote:
I'm not super familiar with the perl bindings - did you try what's
documented/detailed in the perl docs?
http://search.cpan.org/~cdarroch/Net-ZooKeeper-0.35/ZooKeeper.pm#Access_Control
Did you compare the two base 64 encoded digests?
Patrick
On Mon, Jan 23, 2012 at 1:00 AM, Ludwig Pummer
<[email protected]> wrote:
Hello,
I'm just getting started with ZooKeeper and am having very little luck
with
digest ACLs.
I couldn't figure out the syntax for creating digest acls from zkCli
(create
nor setAcl), but I did manage to set ACLs on nodes using the perl
bindings.
However, I cannot read the node back.
"addauth digest user:pass" in zkCLI is accepted, but the subsequent get
results in a KeeperException$NoAuthException.
From the perl binding (Net::ZooKeeper 0.35), get always returns -102
(ZNOAUTH).
I'm running zookeeper 3.3.4.
-----
$ ./acltest1.pl
add_auth ok
created path /acl0000000028 with acl
node /acl0000000028 get error: -102
node /acl0000000028 has stat info:
czxid: 230
mzxid: 230
ctime: 1327308018904
mtime: 1327308018904
version: 0
children_version: 0
acl_version: 0
ephemeral_owner: 0
data_len: 5
num_children: 0
children_zxid: 230
node /acl0000000028 has ACL entry:
perms: 31
scheme: digest
id: user:smGaoVKd/cQkjm7b88GyorAUz20=
