[
https://issues.apache.org/jira/browse/ZOOKEEPER-757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kapil Thangavelu updated ZOOKEEPER-757:
---------------------------------------
Description:
The zookeeper digest authentication and acl scheme needs a bit more
documentation. Currently its documented in the programmer guide.
"""
digest uses a username:password string to generate MD5 hash which is then used
as an ACL ID identity. Authentication is done by sending the username:password
in clear text. When used in the ACL the expression will be the username:base64
encoded SHA1 password digest.
"""
however its actually the digest of the entire credential that needs to be used.
I've attached a python unit test that sets and verifies an acl on a node.
was:
I'm trying to use zookeeper via zkpython to set an acl on a node, and then test
that acl, by attempting to access the node with identity configured in the acl.
I've configured a super user, connect to zookeeper as the superuser, and then
create a node an acl with the all permission and a digest scheme for a user. I
then attempt to connect to zookeeper with as the user specified in the acl,
however i find that i end up not being able to touch the node to perfom actoins
like getChlidren without getting an unauthenticated exceptoin, perhaps even
more oddly i can't access the node with the super user (passed in via system
property on the cli via Dzookeeper.DigestAuthenticationProvider.superDigest).
Any attempt to acces the node raises an exception
zookeeper.NoAuthException: not authenticated
i've attached a failing unit test patch against trunk.
[update]
patrick was able to point out that the issue was that the digest needed to be
of both user and password, while i had been trying a password digest.
I've updated the ticket to reflect the need for documenting this capability,
and have attached a working unit test against trunk against for this
functionality.
Component/s: documentation
reference the current documentation which needs updating as it currently states
its a sha1 password digest.
> zkpython acl/auth usage needs documentation + unit test
> -------------------------------------------------------
>
> Key: ZOOKEEPER-757
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-757
> Project: Zookeeper
> Issue Type: Bug
> Components: contrib-bindings, documentation
> Affects Versions: 3.3.0, 3.4.0
> Environment: ubuntu karmic / lucid ... sun jdk 1.6.0_20
> Reporter: Kapil Thangavelu
> Attachments: working-test-acl-verify.diff
>
>
> The zookeeper digest authentication and acl scheme needs a bit more
> documentation. Currently its documented in the programmer guide.
> """
> digest uses a username:password string to generate MD5 hash which is then
> used as an ACL ID identity. Authentication is done by sending the
> username:password in clear text. When used in the ACL the expression will be
> the username:base64 encoded SHA1 password digest.
> """
> however its actually the digest of the entire credential that needs to be
> used.
> I've attached a python unit test that sets and verifies an acl on a node.
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
