[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kapil Thangavelu updated ZOOKEEPER-757:
---------------------------------------

    Description: 

The zookeeper   digest authentication and acl scheme needs a bit more 
documentation. Currently its documented in the programmer guide.

"""
digest uses a username:password string to generate MD5 hash which is then used 
as an ACL ID identity. Authentication is done by sending the username:password 
in clear text. When used in the ACL the expression will be the username:base64 
encoded SHA1 password digest.
"""

however its actually the digest of the entire credential that needs to be used.

I've attached a python unit test that sets and verifies an acl on a node.





                
                


  was:
I'm trying to use zookeeper via zkpython to set an acl on a node, and then test 
that acl, by attempting to access the node with identity configured in the acl. 
I've configured a super user, connect to zookeeper as the superuser, and then 
create a node an acl with the all permission and a digest scheme for a user. I 
then attempt to connect to zookeeper with as the user specified in the acl, 
however i find that i end up not being able to touch the node to perfom actoins 
like getChlidren without getting an unauthenticated exceptoin, perhaps even 
more oddly i can't access the node with the super user (passed in via system 
property on the cli via Dzookeeper.DigestAuthenticationProvider.superDigest). 
Any attempt to acces the node raises an exception
zookeeper.NoAuthException: not authenticated

i've attached  a failing unit test patch against trunk.

[update]
patrick was able to point out that the issue was that the digest needed to be 
of both user and password, while i had been trying a password digest.

I've updated the ticket to reflect the need for documenting this capability, 
and have attached a working unit test against trunk against for this 
functionality.



                
                


    Component/s: documentation

reference the current documentation which needs updating as it currently states 
its a sha1 password digest. 

> zkpython acl/auth usage needs documentation + unit test
> -------------------------------------------------------
>
>                 Key: ZOOKEEPER-757
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-757
>             Project: Zookeeper
>          Issue Type: Bug
>          Components: contrib-bindings, documentation
>    Affects Versions: 3.3.0, 3.4.0
>         Environment: ubuntu karmic / lucid  ... sun jdk 1.6.0_20 
>            Reporter: Kapil Thangavelu
>         Attachments: working-test-acl-verify.diff
>
>
> The zookeeper   digest authentication and acl scheme needs a bit more 
> documentation. Currently its documented in the programmer guide.
> """
> digest uses a username:password string to generate MD5 hash which is then 
> used as an ACL ID identity. Authentication is done by sending the 
> username:password in clear text. When used in the ACL the expression will be 
> the username:base64 encoded SHA1 password digest.
> """
> however its actually the digest of the entire credential that needs to be 
> used.
> I've attached a python unit test that sets and verifies an acl on a node.
>               
>               

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to