You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Brahma Reddy Battula (JIRA)" <ji...@apache.org> on 2014/09/15 10:13:33 UTC

[jira] [Updated] (ZOOKEEPER-2036) Client which is not authorized able to access the Secure Data which is created by the Secure Client

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-2036?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brahma Reddy Battula updated ZOOKEEPER-2036:
--------------------------------------------
    Summary: Client which is not authorized able to access the Secure Data which is created by the Secure Client  (was: Client which is not unauthorized able to access the Secure Data which is created by the Secure Client)

> Client which is not authorized able to access the Secure Data which is created by the Secure Client
> ---------------------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2036
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2036
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.4.5
>            Reporter: Brahma Reddy Battula
>            Priority: Blocker
>
>  *{color:blue}Scenario:{color}* 
> Started the Secure ZK Cluster.
> Logged with Secure ZK Client(by passing valid jaas.conf) and created the Znodes
> Now logged in to same secure cluster using unsecure ZKClient (without jaas.conf) to same Cluster and able to access the data which is created by the Secured Client..
>  *{color:blue}Secured Client{color}:(which is created the Znodes)* 
> 2014-09-15 13:40:56,288 [myid:] - INFO  [main-SendThread(localhost:2181):ZooKeeperSaslClient$1@285] - Client will use GSSAPI as SASL mechanism.
> 2014-09-15 13:40:56,296 [myid:] - INFO  [Thread-1:Login@301] - TGT valid starting at:        Mon Sep 15 13:40:56 IST 2014
> 2014-09-15 13:40:56,296 [myid:] - INFO  [Thread-1:Login@302] - TGT expires:                  Tue Sep 16 13:40:56 IST 2014
> 2014-09-15 13:40:56,296 [myid:] - INFO  [Thread-1:Login$1@181] - TGT refresh sleeping until: Tue Sep 16 09:36:04 IST 2014
> 2014-09-15 13:40:56,302 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket connection to server localhost/0:0:0:0:0:0:0:1:2181. Will attempt to SASL-authenticate using Login Context section 'Client'
> 2014-09-15 13:40:56,308 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session
> 2014-09-15 13:40:56,344 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 0x1486856657e0016, negotiated timeout = 30000
> WATCHER::
> WatchedEvent state:SyncConnected type:None path:null
> WATCHER::
> WatchedEvent state:SaslAuthenticated type:None path:null
> [zk: localhost:2181(CONNECTED) 1] create -s /tmp-seq 'sd:er:'
> Created /tmp-seq0000000003
> [zk: localhost:2181(CONNECTED) 2] create -s /tmp-seq 'sd:er:'
> Created /tmp-seq0000000004
> [zk: localhost:2181(CONNECTED) 0] ls /
> [tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002, zookeeper]
>  *{color:blue}UnSecured Client{color}:(which is Accesing Znodes)* 
> 014-09-15 13:00:30,441 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket connection to server localhost/127.0.0.1:2181
> WatchedEvent state:AuthFailed type:None path:null
> JLine support is enabled
> 2014-09-15 13:00:30,451 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket connection established to localhost/127.0.0.1:2181, initiating session
> [zk: localhost:2181(CONNECTING) 0] 2014-09-15 13:00:30,488 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session establishment complete on server localhost/127.0.0.1:2181, sessionid = 0x348685662250005, negotiated timeout = 30000
> WATCHER::
> WatchedEvent state:SyncConnected type:None path:null
> [zk: localhost:2181(CONNECTED) 0] ls /
> [tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002, zookeeper]
> [zk: localhost:2181(CONNECTED) 1] get /tmp-seq000000000
> tmp-seq0000000004   tmp-seq0000000003   tmp-seq0000000002
> [zk: localhost:2181(CONNECTED) 1] get /tmp-seq0000000002
> ''
> cZxid = 0x100000040
> ctime = Mon Sep 15 12:51:50 IST 2014
> mZxid = 0x100000040
> mtime = Mon Sep 15 12:51:50 IST 2014
> pZxid = 0x100000040
> cversion = 0
> dataVersion = 0
> aclVersion = 0
> ephemeralOwner = 0x0
> dataLength = 2
> numChildren = 0



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)