[jira] [Commented] (ZOOKEEPER-1437) Client uses session before SASL authentication complete

[Himanshu Vashishtha (JIRA)]

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13279679#comment-13279679
 ] 

Himanshu Vashishtha commented on ZOOKEEPER-1437:
------------------------------------------------

In case of cross realm authentication, I once got this exception:
{code}
2012-05-19 20:19:43,776 INFO org.apache.zookeeper.ClientCnxn: Opening socket 
connection to server /XXX.XX.XX.XX:2181
2012-05-19 20:19:43,776 INFO 
org.apache.hadoop.hbase.zookeeper.RecoverableZooKeeper: The identifier of th
is process is 3544@<HIDDEN>.com
2012-05-19 20:19:43,776 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: 
Found Login Context section
 'Client': will use it to attempt to SASL-authenticate.
2012-05-19 20:19:43,776 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: 
Client will use GSSAPI as S
ASL mechanism.
2012-05-19 20:19:43,777 INFO org.apache.zookeeper.ClientCnxn: Socket connection 
established to <hidden>.com XXX.XX.XXX.XX:2181, initiating session
2012-05-19 20:19:43,780 INFO 
org.apache.hadoop.hbase.replication.ReplicationZookeeper: Added new peer clu
ster 22
2012-05-19 20:19:43,783 INFO org.apache.hadoop.hbase.metrics: new MBeanInfo
2012-05-19 20:19:43,886 INFO org.apache.zookeeper.ClientCnxn: Session 
establishment complete on server XXX.XX.XXX.X:2181, sessionid = 
0x137683fb0680000, negotiated timeout = 40000
2012-05-19 20:19:43,903 WARN org.apache.zookeeper.ClientCnxn: Session 
0x137683fb0680000 for server  XXX.XX.XXX.X:1:2181, unexpected error, closing 
socket connection and attempting reconnect
java.io.IOException: Xid out of order. Got Xid 2 with err 0 expected Xid 1 for 
a packet with details: cli
entPath:null serverPath:null finished:false header:: 1,8  replyHeader:: 0,0,-4  
request:: '/hbase/rs,F  r
esponse:: v{}
        at 
org.apache.zookeeper.ClientCnxn$SendThread.readResponse(ClientCnxn.java:796)
        at 
org.apache.zookeeper.ClientCnxnSocketNIO.doIO(ClientCnxnSocketNIO.java:89)
        at 
org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:291)
        at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1039)
2012-05-19 20:19:43,903 WARN 
org.apache.hadoop.hbase.zookeeper.RecoverableZooKeeper: Possibly transient Z
ooKeeper exception: 
org.apache.zookeeper.KeeperException$ConnectionLossException: KeeperErrorCode = 
Conne
ctionLoss for /hbase/rs
2012-05-19 20:19:43,903 INFO org.apache.hadoop.hbase.util.RetryCounter: The 1 
times to retry  after sleep
ing 2000 ms
2012-05-19 20:19:45,125 INFO org.apache.zookeeper.ClientCnxn: Opening socket 
connection to server  XXX.XX.XXX.X:2181
2012-05-19 20:19:45,151 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: 
Found Login Context section
 'Client': will use it to attempt to SASL-authenticate.
2012-05-19 20:19:45,152 INFO org.apache.zookeeper.client.ZooKeeperSaslClient: 
Client will use GSSAPI as S
ASL mechanism.
2012-05-19 20:19:45,152 INFO org.apache.zookeeper.ClientCnxn: Socket connection 
established to  XXX.XX.XXX.X:2181, initiating session
2012-05-19 20:19:45,155 INFO org.apache.zookeeper.ClientCnxn: Session 
establishment complete on server  XXX.XX.XXX.X:2181, sessionid = 
0x137683fb0680000, negotiated timeout = 40000

{code}

Though, this happened only once, but I am pasting it here if that might be 
useful... as its HBase related, and its about transaction mis-ordering.
                
> Client uses session before SASL authentication complete
> -------------------------------------------------------
>
>                 Key: ZOOKEEPER-1437
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1437
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client
>    Affects Versions: 3.4.3
>            Reporter: Thomas Weise
>            Assignee: Eugene Koontz
>             Fix For: 3.4.4, 3.5.0
>
>         Attachments: ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, 
> ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, 
> ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, 
> ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch
>
>
> Found issue in the context of hbase region server startup, but can be 
> reproduced w/ zkCli alone.
> getData may occur prior to SaslAuthenticated and fail with NoAuth. This is 
> not expected behavior when the client is configured to use SASL.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira