[
https://issues.apache.org/jira/browse/ZOOKEEPER-2370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15159393#comment-15159393
]
Chao Sun commented on ZOOKEEPER-2370:
-------------------------------------
Do you know where to get the client logs? I only found server logs in my
machine...
Also, I don't quite understand why do you think the authentication doesn't
happen successfully. Here is the complete output:
{code}
[zk: hostname(CONNECTING) 0] 2016-02-23 10:35:39,486 [myid:] - INFO
[main-SendThread(hostname:2181):Login@293] - successfully logged in.
2016-02-23 10:35:39,488 [myid:] - INFO [Thread-1:Login$1@127] - TGT refresh
thread started.
2016-02-23 10:35:39,493 [myid:] - INFO
[main-SendThread(hostname:2181):ZooKeeperSaslClient$1@252] - Client will use
GSSAPI as SASL mechanism.
2016-02-23 10:35:39,500 [myid:] - INFO [Thread-1:Login@301] - TGT valid
starting at: Tue Feb 23 10:35:39 PST 2016
2016-02-23 10:35:39,500 [myid:] - INFO [Thread-1:Login@302] - TGT expires:
Thu Mar 24 11:35:39 PDT 2016
2016-02-23 10:35:39,500 [myid:] - INFO [Thread-1:Login$1@181] - TGT refresh
sleeping until: Fri Mar 18 19:32:14 PDT 2016
2016-02-23 10:35:39,507 [myid:] - INFO
[main-SendThread(hostname:2181):ClientCnxn$SendThread@975] - Opening socket
connection to server hostname/172.26.13.160:2181. Will attempt to
SASL-authenticate using Login Context section 'Client'
2016-02-23 10:35:39,514 [myid:] - INFO
[main-SendThread(hostname:2181):ClientCnxn$SendThread@852] - Socket connection
established, initiating session, client: /172.26.13.160:41593, server:
hostname/172.26.13.160:2181
2016-02-23 10:35:39,521 [myid:] - INFO
[main-SendThread(hostname:2181):ClientCnxn$SendThread@1235] - Session
establishment complete on server hostname/172.26.13.160:2181, sessionid =
0x1530e4d2d1c05cd, negotiated timeout = 30000
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
WATCHER::
WatchedEvent state:SaslAuthenticated type:None path:null
{code}
>From the message, it is clear that it recognized the "Client" section in my
>{{jaas.conf}} and established a session with the server. In the end there's
>also "state:SaslAuthenticated".
I would be very surprised if this authentication is unsuccessful - it should
have some kind of error message in the output.
> Can't access Znodes after adding ACL with SASL
> ----------------------------------------------
>
> Key: ZOOKEEPER-2370
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2370
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.5
> Reporter: Chao Sun
>
> (My apology if this is not a bug.)
> I'm trying to use a ZK client which has successfully authenticated with a
> secure ZK server using principal {{me/[email protected]}}. However, the
> following simple commands failed:
> {code}
> [zk: hostname(CONNECTED) 0] create /zk-test "1"
> Created /zk-test
> [zk: hostname(CONNECTED) 1] setAcl /zk-test sasl:me/[email protected]:cdrwa
> cZxid = 0x3e3b
> ctime = Mon Feb 22 23:10:36 PST 2016
> mZxid = 0x3e3b
> mtime = Mon Feb 22 23:10:36 PST 2016
> pZxid = 0x3e3b
> cversion = 0
> dataVersion = 0
> aclVersion = 1
> ephemeralOwner = 0x0
> dataLength = 3
> numChildren = 0
> [zk: hostname(CONNECTED) 2] getAcl /zk-test
> 'sasl,'me/[email protected]
> : cdrwa
> [zk: hostname(CONNECTED) 3] ls /zk-test
> Authentication is not valid : /zk-test
> [zk: hostname(CONNECTED) 4] create /zk-test/c "2"
> Authentication is not valid : /zk-test/c
> {code}
> I wonder what I did wrong here, or is this behavior intentional? how can I
> delete the znodes? Thanks.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
