You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@zookeeper.apache.org by bmugs <mu...@gmail.com> on 2018/10/31 18:55:24 UTC
Re: Getting Authentication Not valid while running reconfig Command
Hi,
We were also facing the same issue, this is how we resolved it:
Before starting the ZK server, add the following to zkServer.sh -
"-Dzookeeper.skipACL=yes"
This will skip the ACL authentication and you will be able to use reconfig
command.
Albeit this comes with a risk as you removes all authentication.
Hope this helps!
--
Sent from: http://zookeeper-user.578899.n2.nabble.com/
Re: Getting Authentication Not valid while running reconfig Command
Posted by Michael Han <ha...@apache.org>.
Please check out the reconfig release document for 3.5.3 beta, in
particular section "Access Control":
https://zookeeper.apache.org/doc/r3.5.3-beta/zookeeperReconfig.html
*"The dynamic configuration is stored in a special znode
ZooDefs.CONFIG_NODE = /zookeeper/config. This node by default is read only
for all users, except super user and users that's explicitly configured for
write access.*
*Clients that need to use reconfig commands or reconfig API should be
configured as users that have write access to CONFIG_NODE. By default, only
the super user has full control including write access to CONFIG_NODE.
Additional users can be granted write access through superuser by setting
an ACL that has write permission associated with specified user.*
*A few examples of how to setup ACLs and use reconfiguration API with
authentication can be found in ReconfigExceptionTest.java and
TestReconfigServer.cc."*
This is the recommended approach. The "skipACL" approach is not recommended
to use from a security perspective unless you don't care about access
control and also running ensembles in a trusted environment.
On Wed, Oct 31, 2018 at 12:00 PM bmugs <mu...@gmail.com> wrote:
> Hi,
>
> We were also facing the same issue, this is how we resolved it:
>
> Before starting the ZK server, add the following to zkServer.sh -
> "-Dzookeeper.skipACL=yes"
>
> This will skip the ACL authentication and you will be able to use reconfig
> command.
> Albeit this comes with a risk as you removes all authentication.
>
> Hope this helps!
>
>
>
>
> --
> Sent from: http://zookeeper-user.578899.n2.nabble.com/
>