Couple of things which you can check - 1) if your Zookeeper server is not running with Zookeeper I’d then you need to set Zookeeper.sasl.client.username 2) set java.security.auth.login.config
And I also faced the same issue that there is no strict enforcement to allow only authenticated client. Unless someone is aware of the way I doubt we may need to wait for 3.6 Thanks Srikant Sent from my iPhone > On 30 Dec 2019, at 8:11 PM, Arpit Jain <[email protected]> wrote: > > Hi, > > I have configured Zookeeper 3.5.5 to use SASL authentication using > Kerberos. I am able to authenticate ZK with Kerberos server but I don't see > any authentication happening between Zookeeper client (curator) and ZK > server. I have put the following setting in zoo.cfg and followed this guide > https://cwiki.apache.org/confluence/display/ZOOKEEPER/Client-Server+mutual+authentication > . > > authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider > requireClientAuthScheme=sasl > > What additional setting I need to provide so that only authenticated > clients (for which principals are present in Kerberos server) can connect > to ZK server ? > I also found this link > https://github.com/apache/zookeeper/pull/118/commits which > mentions that it will be strict only from ZK 3.6 onwards and currently ZK > does not enforce it even if we have the configuration. > > Thanks
