You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Sunil Kumar (JIRA)" <ji...@apache.org> on 2019/07/02 19:52:00 UTC

[jira] [Comment Edited] (ZOOKEEPER-1045) Support Quorum Peer mutual authentication via SASL

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16877274#comment-16877274 ] 

Sunil Kumar edited comment on ZOOKEEPER-1045 at 7/2/19 7:51 PM:
----------------------------------------------------------------

Patch provided with [#ZOOKEEPER-24443] is not available in the org.apache.zookeeper.util.SecurityUtils.java in release version 3.5.5. can some provide on details if this is missed or any alternate way provided to fix the issue.

 

ERROR [NIOServerCxnFactory.SelectorThread-2:SecurityUtils@249] - server principal name/hostname determination error: 
 java.lang.StringIndexOutOfBoundsException: String index out of range: -1
 at java.lang.String.substring(String.java:1967)
 at org.apache.zookeeper.util.SecurityUtils.createSaslServer(SecurityUtils.java:174)
 at org.apache.zookeeper.server.ZooKeeperSaslServer.createSaslServer(ZooKeeperSaslServer.java:44)
 at org.apache.zookeeper.server.ZooKeeperSaslServer.<init>(ZooKeeperSaslServer.java:38)
 at org.apache.zookeeper.server.NIOServerCnxn.<init>(NIOServerCnxn.java:104)
 at org.apache.zookeeper.server.NIOServerCnxnFactory.createConnection(NIOServerCnxnFactory.java:848)
 at org.apache.zookeeper.server.NIOServerCnxnFactory$SelectorThread.processAcceptedConnections(NIOServerCnxnFactory.java:479)
 at org.apache.zookeeper.server.NIOServerCnxnFactory$SelectorThread.run(NIOServerCnxnFactory.java:392)

 


was (Author: sunil.yadav):
Patch provided with [#ZOOKEEPER-24443] is not available in the org.apache.zookeeper.util.SecurityUtils.java in release version 3.5.5. can some one details on if this is missed or any alternate way provided to fix the issue.

 

ERROR [NIOServerCxnFactory.SelectorThread-2:SecurityUtils@249] - server principal name/hostname determination error: 
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
 at java.lang.String.substring(String.java:1967)
 at org.apache.zookeeper.util.SecurityUtils.createSaslServer(SecurityUtils.java:174)
 at org.apache.zookeeper.server.ZooKeeperSaslServer.createSaslServer(ZooKeeperSaslServer.java:44)
 at org.apache.zookeeper.server.ZooKeeperSaslServer.<init>(ZooKeeperSaslServer.java:38)
 at org.apache.zookeeper.server.NIOServerCnxn.<init>(NIOServerCnxn.java:104)
 at org.apache.zookeeper.server.NIOServerCnxnFactory.createConnection(NIOServerCnxnFactory.java:848)
 at org.apache.zookeeper.server.NIOServerCnxnFactory$SelectorThread.processAcceptedConnections(NIOServerCnxnFactory.java:479)
 at org.apache.zookeeper.server.NIOServerCnxnFactory$SelectorThread.run(NIOServerCnxnFactory.java:392)

 

> Support Quorum Peer mutual authentication via SASL
> --------------------------------------------------
>
>                 Key: ZOOKEEPER-1045
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: quorum, security
>            Reporter: Eugene Koontz
>            Assignee: Rakesh R
>            Priority: Critical
>             Fix For: 3.4.10
>
>         Attachments: 0001-ZOOKEEPER-1045-br-3-4.patch, 1045_failing_phunt.tar.gz, HOST_RESOLVER-ZK-1045.patch, QuorumPeer Mutual Authentication Via Sasl Feature Doc - 2016-Nov-10.pdf, QuorumPeer Mutual Authentication Via Sasl Feature Doc - 2016-Nov-25.pdf, QuorumPeer Mutual Authentication Via Sasl Feature Doc - 2016-Nov-29.pdf, QuorumPeer Mutual Authentication Via Sasl Feature Doc - 2016-Nov-30.pdf, QuorumPeer Mutual Authentication Via Sasl Feature Doc - 2016-Sep-25.pdf, TEST-org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.txt, ZK-1045-test-case-failure-logs.zip, ZOOKEEPER-1045 Test Plan.pdf, ZOOKEEPER-1045-00.patch, ZOOKEEPER-1045-Rolling Upgrade Design Proposal.pdf, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045TestValidationDesign.pdf, org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.testRollingUpgrade.log
>
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers. This bug, on the other hand, is for authentication among quorum peers. Hopefully much of the work done on SASL integration with Zookeeper for ZOOKEEPER-938 can be used as a foundation for this enhancement.
> Review board: https://reviews.apache.org/r/47354/



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)