Arpit, Up to 3.5.x you can only leverage auth only in conjunction with ACLs.
I hope we are able to release 3.6.0 within a couple of weeks. If you have time you can build from branch-3.6 and run the server enabling that feature tha you are pointing to. It is a server side change only so you can use 3.5 in your application Enrico Il lun 30 dic 2019, 13:23 shrikant kalani <shrikantkal...@gmail.com> ha scritto: > Couple of things which you can check - > 1) if your Zookeeper server is not running with Zookeeper I’d then you > need to set Zookeeper.sasl.client.username > 2) set java.security.auth.login.config > > And I also faced the same issue that there is no strict enforcement to > allow only authenticated client. Unless someone is aware of the way I doubt > we may need to wait for 3.6 > > Thanks > Srikant > > Sent from my iPhone > > > On 30 Dec 2019, at 8:11 PM, Arpit Jain <jain.arp...@gmail.com> wrote: > > > > Hi, > > > > I have configured Zookeeper 3.5.5 to use SASL authentication using > > Kerberos. I am able to authenticate ZK with Kerberos server but I don't > see > > any authentication happening between Zookeeper client (curator) and ZK > > server. I have put the following setting in zoo.cfg and followed this > guide > > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/Client-Server+mutual+authentication > > . > > > > > authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider > > requireClientAuthScheme=sasl > > > > What additional setting I need to provide so that only authenticated > > clients (for which principals are present in Kerberos server) can connect > > to ZK server ? > > I also found this link > > https://github.com/apache/zookeeper/pull/118/commits which > > mentions that it will be strict only from ZK 3.6 onwards and currently ZK > > does not enforce it even if we have the configuration. > > > > Thanks >
