I'm experimenting with authentication in ZooKeeper. I've used the Eclipse ZooKeeper Explorer to connect to the locally running ZooKeeper instance. What I've observed is that when I configure ZooKeeper in stand-alone mode, I have to enter authentication information to connect with ZooKeeper explorer. But if I configure a quorum (of one or more instances), the authentication configuration has no effect-meaning I can connect with ZooKeeper explorer and create/update/delete nodes without having to enter any authentication credentials.
Am I missing something? Is there something else I need to do to get the authentication working when a quorum is configured?
I'm running ZooKeeper 3.4.5 on Windows 8 with JDK 7 (build 55)
Here's the ZooKeeper configuration:
# The number of milliseconds of each tick
tickTime=2000
# The number of ticks that the initial
# synchronization phase can take
initLimit=10
# The number of ticks that can pass between
# sending a request and getting an acknowledgement
syncLimit=5
# the directory where the snapshot is stored.
# do not use /tmp for storage, /tmp here is just
# example sakes.
dataDir=E: /zookeeper/zookeeper-3.4.5/data
# the port at which the clients will connect
clientPort=2181
server.1=hostname\:2888\:3888
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
# renew server-side ticket once an hour. 1000*60*60 = 3600000 milliseconds
jaasLoginRenew=3600000
# Be sure to read the maintenance section of the
# administrator guide before turning on autopurge.
# http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenance
# The number of snapshots to retain in dataDir
autopurge.snapRetainCount=1
# Purge task interval in hours
# Set to "0" to disable auto purge feature
autopurge.purgeInterval=1
I create the myid file in <dataDir> and created the file java.env with this line:
SERVER_JVMFLAGS="-Djava.security.auth.login.config=../conf/jaas.conf"
jaas.conf:
Server {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_super="adminsecret"
user_bob="bobsecret";
};
Javier Delgadillo
GeoEvent Extension
http://www.esri.com/
Am I missing something? Is there something else I need to do to get the authentication working when a quorum is configured?
I'm running ZooKeeper 3.4.5 on Windows 8 with JDK 7 (build 55)
Here's the ZooKeeper configuration:
# The number of milliseconds of each tick
tickTime=2000
# The number of ticks that the initial
# synchronization phase can take
initLimit=10
# The number of ticks that can pass between
# sending a request and getting an acknowledgement
syncLimit=5
# the directory where the snapshot is stored.
# do not use /tmp for storage, /tmp here is just
# example sakes.
dataDir=E: /zookeeper/zookeeper-3.4.5/data
# the port at which the clients will connect
clientPort=2181
server.1=hostname\:2888\:3888
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
# renew server-side ticket once an hour. 1000*60*60 = 3600000 milliseconds
jaasLoginRenew=3600000
# Be sure to read the maintenance section of the
# administrator guide before turning on autopurge.
# http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenance
# The number of snapshots to retain in dataDir
autopurge.snapRetainCount=1
# Purge task interval in hours
# Set to "0" to disable auto purge feature
autopurge.purgeInterval=1
I create the myid file in <dataDir> and created the file java.env with this line:
SERVER_JVMFLAGS="-Djava.security.auth.login.config=../conf/jaas.conf"
jaas.conf:
Server {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_super="adminsecret"
user_bob="bobsecret";
};
Javier Delgadillo
GeoEvent Extension
http://www.esri.com/
