Hi,
I'm having trouble implementing the simplest zookeeper (v 3.7.0) authentication 
using just username and password and the 'digest' mechanism.
I tried various config properties, but none of them worked.
The problem is that when I connect giving the wrong credentials, I am still 
being successfully authenticated instead of being rejected.
My setup is below (including options I have tried, but which didn't work, so I 
commented them out):
Zoo.cfg:
#SASL----------------------------------------------------------------------------

#authProvider.sasl=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
#authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
#requireClientAuthScheme=sasl
#sessionRequireClientSASLAuth=true
#set.acl=true
DigestAuthenticationProvider.enabled=true
enforce.auth.enabled=true
enforce.auth.schemes=digest
#SASL END--------------------------------------------------------------------------

Jaas_config:
Server {
       org.apache.zookeeper.server.auth.DigestLoginModule required
       user_super="adminsecret"
       user_bob="bobsecret";
};
Client code:
CuratorFrameworkFactory.Builder builder = CuratorFrameworkFactory.builder()
        .connectString(connectUris(zookeeper, "zookeeper:2181"))
        .connectionStateErrorPolicy(connectionStateErrorPolicy)
        .retryPolicy(retryPolicy)
        .aclProvider(aclProvider)
        .connectionTimeoutMs(10000)
        .sessionTimeoutMs(sessionTimeout);
if (zookeeperAuthEnabled) {
    // Deliberately wrong user/password, used to test rejection
    builder.authorization("digest", "kuku:adminsecret4".getBytes());
}
curatorClient = builder.build();
// Log every connection state change
curatorClient.getConnectionStateListenable().addListener((c, s) -> {
    connectionState = s;
    log.info(MessageFormat.format("CuratorState [State={0},Connected={1}]", s.name(), s.isConnected()));
});
curatorClient.start();
try {
    curatorClient.blockUntilConnected();
    leaderLatch = initLeadership();
} catch (InterruptedException e) {
    log.info(e);
}

As a result, when the application starts I get a successful authentication and a 
message in the zookeeper console:
2021-12-14 14:08:45,854 [myid:] - INFO  [NIOWorkerThread-13:ZooKeeperServer@1623] - got auth packet /192.168.43.169:49753
2021-12-14 14:08:45,854 [myid:] - INFO  [NIOWorkerThread-13:ZooKeeperServer@1642] - Session 0x1004d2f28d00001: auth success for scheme digest and address /192.168.43.169:49753


Andrzej Trzeciak
Senior System Engineer
Exela Technologies
Grudziądzka 46-48 * 87-100 Toruń * Poland
Tel. +48 573 251 507
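
Added example (not part of the original message and not ZooKeeper's own code): a small Python model of how the `digest` scheme handles an auth packet, assuming the server only hashes the supplied `user:password` and attaches the result to the session, with the comparison happening later against each znode's ACL. `Session`, `acl_allows`, `ZNODE_ACL` and `demo` are constructed names.

```python
import base64
import hashlib


def generate_digest(id_password: str) -> str:
    """Digest-scheme id: 'user:' + base64(SHA-1('user:password'))."""
    user = id_password.split(":", 1)[0]
    sha1 = hashlib.sha1(id_password.encode("utf-8")).digest()
    return f"{user}:{base64.b64encode(sha1).decode('ascii')}"


class Session:
    """Constructed model of a server-side session and its auth ids."""

    def __init__(self):
        self.auth_ids = set()

    def add_auth(self, scheme: str, credentials: bytes) -> str:
        # Modelled behaviour: there is no user store to check against, so any
        # 'user:password' is hashed, attached to the session and reported OK.
        if scheme != "digest":
            return "AUTHFAILED"
        self.auth_ids.add(("digest", generate_digest(credentials.decode())))
        return "OK"


def acl_allows(session: Session, acl: list, perm: str) -> bool:
    """ACL entries are (scheme, id, perms); ids are compared on access."""
    return any((scheme, ident) in session.auth_ids and perm in perms
               for scheme, ident, perms in acl)


# Constructed znode ACL granting all permissions to super/adminsecret.
ZNODE_ACL = [("digest", generate_digest("super:adminsecret"), "cdrwa")]


def demo() -> dict:
    wrong, right = Session(), Session()
    results = {
        "wrong_auth": wrong.add_auth("digest", b"kuku:adminsecret4"),
        "right_auth": right.add_auth("digest", b"super:adminsecret"),
    }
    results["wrong_read"] = acl_allows(wrong, ZNODE_ACL, "r")
    results["right_read"] = acl_allows(right, ZNODE_ACL, "r")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In this model both sessions log an auth success; only the ACL check on a protected znode separates the wrong credentials from the right ones.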