[
https://issues.apache.org/jira/browse/ZOOKEEPER-4885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xin Chen updated ZOOKEEPER-4885:
--------------------------------
Description:
About ZOOKEEPER-2139 & ZOOKEEPER-2323: they just keep ZooKeeper clients from going
into infinite AuthFailedException. Noauth Exception still exists!
LoginException was thrown through each login, but at this point, a zkclient
without Kerberos SASL authentication was created. Non SASL Znodes can be
operated on in the future. However, when Kerberos recovers from network
disconnections and other anomalies, the previously created zkclient without
SASL authentication is still being used without rebuilding the login or
recreating a saslclient. If it is used to operate on ACL Znodes at this time,
an error will always be reported:
{code:java}
KeeperErrorCode = NoAuth for /zookeeper
or
KeeperErrorCode = AuthFailed for /zookeeper
or
KeeperErrorCode = InvalidACL for /zookeeper{code}
Isn't this a question that should be considered? And I also met this issue in
ZK-3.6.4. It seems that this issue has not been considered in the updated
version.
was:
About ZOOKEEPER-2139: it just keeps ZooKeeper clients from going into infinite
AuthFailedException. NoauthException still exists!
LoginException was thrown through each login, but at this point, a zkclient
without Kerberos SASL authentication was created. Non SASL Znodes can be
operated on in the future. However, when Kerberos recovers from network
disconnections and other anomalies, the previously created zkclient without
SASL authentication is still being used without rebuilding the login or
recreating a saslclient. If it is used to operate on ACL Znodes at this time,
an error will always be reported:
{code:java}
KeeperErrorCode = NoAuth for /zookeeper
or
KeeperErrorCode = AuthFailed for /zookeeper
or
KeeperErrorCode = InvalidACL for /zookeeper{code}
Isn't this a question that should be considered? And I also met this issue in
ZK-3.6.4. It seems that this issue has not been considered in the updated
version.
> Can Non-SASL-Clients automatically recover with the recovery of kerberos
> communication?
> ---------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-4885
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4885
> Project: ZooKeeper
> Issue Type: Improvement
> Affects Versions: 3.4.14, 3.6.4, 3.9.3
> Reporter: Xin Chen
> Priority: Major
>
> About ZOOKEEPER-2139 & ZOOKEEPER-2323: they just keep ZooKeeper clients from going
> into infinite AuthFailedException. Noauth Exception still exists!
> LoginException was thrown through each login, but at this point, a zkclient
> without Kerberos SASL authentication was created. Non SASL Znodes can be
> operated on in the future. However, when Kerberos recovers from network
> disconnections and other anomalies, the previously created zkclient without
> SASL authentication is still being used without rebuilding the login or
> recreating a saslclient. If it is used to operate on ACL Znodes at this time,
> an error will always be reported:
> {code:java}
> KeeperErrorCode = NoAuth for /zookeeper
> or
> KeeperErrorCode = AuthFailed for /zookeeper
> or
> KeeperErrorCode = InvalidACL for /zookeeper{code}
> Isn't this a question that should be considered? And I also met this issue
> in ZK-3.6.4. It seems that this issue has not been considered in the updated
> version.
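An application-side sketch of the recovery the report asks about, as an added example that is not code from the issue or from the ZooKeeper project: a wrapper that replaces a handle which never completed SASL when a read is refused. The class name `SaslRecoveringClient` and its parameters are hypothetical, and it assumes that constructing a new `ZooKeeper` handle repeats the JAAS login attempt.

```java
import java.io.IOException;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.Watcher.Event.KeeperState;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.Stat;

/** Hypothetical wrapper (added example): swaps out a handle that came up without SASL. */
public class SaslRecoveringClient implements Watcher {
    private final String connectString;   // assumption: ensemble address, e.g. "zk1:2181"
    private final int sessionTimeoutMs;
    private volatile ZooKeeper zk;
    private volatile boolean saslAuthenticated;

    public SaslRecoveringClient(String connectString, int sessionTimeoutMs) throws IOException {
        this.connectString = connectString;
        this.sessionTimeoutMs = sessionTimeoutMs;
        this.zk = new ZooKeeper(connectString, sessionTimeoutMs, this);
    }

    @Override
    public void process(WatchedEvent event) {
        // SaslAuthenticated is delivered only after a completed SASL handshake.
        if (event.getState() == KeeperState.SaslAuthenticated) {
            saslAuthenticated = true;
        } else if (event.getState() == KeeperState.AuthFailed) {
            saslAuthenticated = false;
        }
    }

    public synchronized byte[] getData(String path)
            throws KeeperException, InterruptedException, IOException {
        try {
            return zk.getData(path, false, new Stat());
        } catch (KeeperException.NoAuthException | KeeperException.AuthFailedException e) {
            if (saslAuthenticated) {
                throw e;              // authenticated and still refused: a genuine ACL denial
            }
            rebuild();                // handle never authenticated: try a fresh login
            return zk.getData(path, false, new Stat());   // single retry, no loop
        }
    }

    private void rebuild() throws IOException, InterruptedException {
        ZooKeeper old = zk;
        saslAuthenticated = false;
        zk = new ZooKeeper(connectString, sessionTimeoutMs, this);
        old.close();                  // ends the old session: its ephemerals and watches go
    }
}
```

Because the retry happens once, a KDC that is still unreachable surfaces as the original exception instead of a reconnect loop; callers that rely on ephemeral nodes or watches must re-register them after a rebuild.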