You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Meyer Kizner (JIRA)" <ji...@apache.org> on 2016/10/28 17:51:58 UTC

[jira] [Commented] (ZOOKEEPER-2346) SASL Auth failure manifested to client as connection refusal

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15616074#comment-15616074 ] 

Meyer Kizner commented on ZOOKEEPER-2346:
-----------------------------------------

It looks like this is a race in the code that handles SASL authentication failures. While testing out SASL on our installation, I've observed both the behavior described in this issue and a more correct version, in which the server sends a null SASL token back to the client before closing the connection.

I have a short patch for this, but it doesn't look like I can upload it unless I'm assigned this issue. Can someone fix that for me?

> SASL Auth failure manifested to client as connection refusal
> ------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2346
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2346
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.4.6
>            Reporter: Steve Loughran
>
> If a client can't authenticate via sasl then (a) the stack trace is lost on the server logs, and (b) it is exposed to the client as a connection refusal. This results in curator retrying many times before giving up —and with the cause being misinterpreted as a server-down problem, rather than a client-not-trusted problem



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)