You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Thomas Weise (Commented) (JIRA)" <ji...@apache.org> on 2012/03/29 04:13:27 UTC

[jira] [Commented] (ZOOKEEPER-1437) Client uses session before SASL authentication complete

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-1437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13240922#comment-13240922 ] 

Thomas Weise commented on ZOOKEEPER-1437:
-----------------------------------------

PASSES: Interactive getData on ACL protected node:

./zkCli.sh -server gsbl90247

[zk: gsbl90247(CONNECTED) 1] ls /hbase
[splitlog, unassigned, root-region-server, rs, draining, table, master, tokenauth, shutdown, hbaseid]

[zk: gsbl90247(CONNECTED) 2] getAcl /hbase
'sasl,'hbase
: cdrwa

This works because by the time the ls /hbase is executed, SASL authentication is complete (WatchedEvent state:SaslAuthenticated)


FAILS: When running the command immediately:

./zkCli.sh -server gsbl90247 -e "ls /hbase"  

WATCHER::

WatchedEvent state:SyncConnected type:None path:null
Exception in thread "main" org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /hbase
        at org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
        at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
        at org.apache.zookeeper.ZooKeeper.getChildren(ZooKeeper.java:1448)
        at org.apache.zookeeper.ZooKeeper.getChildren(ZooKeeper.java:1476)
        at org.apache.zookeeper.ZooKeeperMain.processZKCmd(ZooKeeperMain.java:717)
        at org.apache.zookeeper.ZooKeeperMain.processCmd(ZooKeeperMain.java:593)
        at org.apache.zookeeper.ZooKeeperMain.run(ZooKeeperMain.java:354)
        at org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:282)

WATCHER::

WatchedEvent state:SaslAuthenticated type:None path:null


getData occurs prior to SaslAuthenticated. 

                
> Client uses session before SASL authentication complete
> -------------------------------------------------------
>
>                 Key: ZOOKEEPER-1437
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1437
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client
>    Affects Versions: 3.4.3
>            Reporter: Thomas Weise
>
> Found issue in the context of hbase region server startup, but can be reproduced w/ zkCli alone.
> getData may occur prior to SaslAuthenticated and fail with NoAuth. This is not expected behavior when the client is configured to use SASL.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira