Posted to dev@zookeeper.apache.org by "Arshad Mohammad (JIRA)" <ji...@apache.org> on 2016/08/11 20:01:20 UTC

[jira] [Resolved] (ZOOKEEPER-2323) ZooKeeper client enters into infinite AuthFailedException cycle if its unable to recreate Kerberos ticket

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-2323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arshad Mohammad resolved ZOOKEEPER-2323.
----------------------------------------
       Resolution: Fixed
    Fix Version/s:     (was: 3.5.3)
                       (was: 3.4.9)
                       (was: 3.6.0)
                   3.5.2

This defect was fixed by the ZOOKEEPER-2139 fix.
After the ZOOKEEPER-2139 fix, a Login object is created while connecting to each ZooKeeper server in the quorum; this way the ZooKeeper client gets a chance to refresh the Kerberos ticket while connecting to any of the ZooKeeper servers.
Verified in the 3.5.2-alpha release that the issue is fixed.

> ZooKeeper client enters into infinite AuthFailedException cycle if its unable to recreate Kerberos ticket
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2323
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2323
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client
>    Affects Versions: 3.4.7, 3.5.1
>            Reporter: Arshad Mohammad
>            Assignee: Arshad Mohammad
>             Fix For: 3.5.2
>
>         Attachments: ZOOKEEPER-2323-01.patch
>
>
> The ZooKeeper client enters into an infinite AuthFailedException cycle. For every operation it throws AuthFailedException.
> Here is the create operation exception:
> {code}
> org.apache.zookeeper.KeeperException$AuthFailedException: KeeperErrorCode = AuthFailed for /continuousRunningZKClient
> 	at org.apache.zookeeper.KeeperException.create(KeeperException.java:127)
> 	at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
> 	at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1753)
> {code}
> This can be reproduced easily with the following steps:
> # Reduce the ZooKeeper client principal's max life, for example set it to 2 min. Use the command {color:blue} modprinc -maxlife 2min zkcli {color} in kadmin. (This is done to reduce the time needed to reproduce the issue.)
> # Connect the Client to the ZooKeeper quorum, let it get connected and let some operations be done successfully.
> # Disconnect the Client's network, by pulling out the Ethernet cable or in any other way. Now the Client is in disconnected state and no operation is expected; the Client tries to reconnect to different servers in the ZooKeeper quorum.
> # After two minutes the Client tries to get a new Kerberos ticket and it fails.
> # Connect the Client to the network. The Client comes into connected state but gets AuthFailedException for every operation.
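
A toy model of the behaviour described in this thread, added here as an example; it is not ZooKeeper code and not the ZOOKEEPER-2139 patch. The `Login` class, the tick-based timeline and the rule that one failed refresh stops all further refreshing are assumptions made for illustration.

```java
public class LoginPerConnectDemo {
    static final int TICKET_LIFE = 2; // constructed: a ticket is valid for 2 ticks

    /** Hypothetical stand-in for a Kerberos login; not ZooKeeper's Login class. */
    static final class Login {
        private int expiresAt = -1;   // tick at which the current ticket expires
        private boolean refreshDead;  // assumption: one failed refresh ends refreshing

        Login(int now, boolean kdcReachable) { acquire(now, kdcReachable); }

        private void acquire(int now, boolean kdcReachable) {
            if (kdcReachable) expiresAt = now + TICKET_LIFE;
            else refreshDead = true;
        }

        /** Tries to renew an expired ticket unless an earlier renewal already failed. */
        void refreshIfExpired(int now, boolean kdcReachable) {
            if (now >= expiresAt && !refreshDead) acquire(now, kdcReachable);
        }

        boolean valid(int now) { return now < expiresAt; }
    }

    /** One connect attempt per tick; networkUp[t] covers both the KDC and the quorum. */
    static String run(boolean loginPerConnect, boolean[] networkUp) {
        StringBuilder out = new StringBuilder();
        Login login = new Login(0, networkUp[0]);
        for (int t = 0; t < networkUp.length; t++) {
            if (loginPerConnect && t > 0) {
                login = new Login(t, networkUp[t]);      // fresh login per connect attempt
            } else {
                login.refreshIfExpired(t, networkUp[t]); // single long-lived login
            }
            String result = !networkUp[t] ? "Disconnected"
                          : login.valid(t) ? "OK" : "AuthFailed";
            out.append(t == 0 ? "" : " ").append(result);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed timeline: connected, network pulled for 3 ticks, network restored.
        boolean[] net = {true, true, false, false, false, true, true};
        System.out.println("single Login     : " + run(false, net));
        System.out.println("Login per connect: " + run(true, net));
    }
}
```

With the single long-lived login, the renewal that fails while the network is down leaves every later operation in `AuthFailed`; with a login created on each connect attempt, the first attempt after the network returns obtains a fresh ticket.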


