ZooKeeper authentication configuration problem [SASL is configured, but zkCli can still connect]

小姚 posted on 2018/12/11 21:19

Create a jaas.conf in the zk/conf directory:

Server{
    org.apache.zookeeper.server.auth.DigestLoginModule required
    username="admin"
    password="bangsun2"
    user_admin="bangsun2";
};

Append the following to the end of zk/conf/zoo.cfg:

authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
jaasLoginRenew=3600000
zookeeper.sasl.client=true

In bin/zkServer.sh, at line 140, add the following after nohup "$JAVA":

"-Djava.security.auth.login.config=/Users/username/Documents/software/zookeeper-3.4.12/conf/jaas.conf"

Start ZooKeeper, no problem~!

Then access it with bin/zkCli.sh:

./zkCli.sh -server host:2181

It actually connected:

2018-12-11 21:03:57,499 [myid:] - INFO  [main-SendThread(192.168.1.124:2181):ClientCnxn$SendThread@1028] - Opening socket connection to server 192.168.1.124/192.168.1.124:2181. Will not attempt to authenticate using SASL (unknown error)

JLine support is enabled

2018-12-11 21:03:57,560 [myid:] - INFO  [main-SendThread(192.168.1.124:2181):ClientCnxn$SendThread@878] - Socket connection established to 192.168.1.124/192.168.1.124:2181, initiating session

2018-12-11 21:03:57,568 [myid:] - INFO  [main-SendThread(192.168.1.124:2181):ClientCnxn$SendThread@1302] - Session establishment complete on server 192.168.1.124/192.168.1.124:2181, sessionid = 0x1000212ad2e0009, negotiated timeout = 30000

WATCHER::

WatchedEvent state:SyncConnected type:None path:null

[zk: 192.168.1.124:2181(CONNECTED) 0]

 

Then I tested access with a username and password by adding a new file, conf/client-jaas.conf (the username is actually wrong):

Client{
       org.apache.zookeeper.server.auth.DigestLoginModule required
       username="bob"
       password="bobsecret";
};

In bin/zkCli.sh, at line 38, add the following after "$JAVA":

"-Djava.security.auth.login.config=/Users/username/Documents/software/zookeeper-3.4.12/conf/client-jaas.conf"

Run:

./zkCli.sh -server host:port

Connecting again, it actually failed:

2018-12-11 21:03:00,691 [myid:] - INFO  [main-SendThread(192.168.1.124:2181):SecurityUtils@68] - Client will use DIGEST-MD5 as SASL mechanism.

2018-12-11 21:03:00,692 [myid:] - INFO  [main-SendThread(192.168.1.124:2181):ClientCnxn$SendThread@1028] - Opening socket connection to server 192.168.1.124/192.168.1.124:2181. Will attempt to SASL-authenticate using Login Context section 'Client'

2018-12-11 21:03:00,693 [myid:] - INFO  [main-SendThread(192.168.1.124:2181):ClientCnxn$SendThread@878] - Socket connection established to 192.168.1.124/192.168.1.124:2181, initiating session

2018-12-11 21:03:00,694 [myid:] - INFO  [main-SendThread(192.168.1.124:2181):ClientCnxn$SendThread@1302] - Session establishment complete on server 192.168.1.124/192.168.1.124:2181, sessionid = 0x1000212ad2e0008, negotiated timeout = 30000

WATCHER::

WatchedEvent state:SyncConnected type:None path:null

I've been struggling with this for a long time. Could the experts here tell me why this happens?
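Added example (not part of the original post): a small Python check that reads zkCli client log output like the two runs above and reports, for each session, whether the client attempted SASL and whether the log shows a result. The function names are hypothetical, and the `SaslAuthenticated` and `AuthFailed` state names are ZooKeeper `KeeperState` values that do not appear in the post's logs.

```python
import re

# Sample input: the relevant client log lines from the two runs in the post.
SAMPLE_LOG = """\
2018-12-11 21:03:57,499 [myid:] - INFO  [main-SendThread(192.168.1.124:2181):ClientCnxn$SendThread@1028] - Opening socket connection to server 192.168.1.124/192.168.1.124:2181. Will not attempt to authenticate using SASL (unknown error)
2018-12-11 21:03:57,568 [myid:] - INFO  [main-SendThread(192.168.1.124:2181):ClientCnxn$SendThread@1302] - Session establishment complete on server 192.168.1.124/192.168.1.124:2181, sessionid = 0x1000212ad2e0009, negotiated timeout = 30000
WatchedEvent state:SyncConnected type:None path:null
2018-12-11 21:03:00,692 [myid:] - INFO  [main-SendThread(192.168.1.124:2181):ClientCnxn$SendThread@1028] - Opening socket connection to server 192.168.1.124/192.168.1.124:2181. Will attempt to SASL-authenticate using Login Context section 'Client'
2018-12-11 21:03:00,694 [myid:] - INFO  [main-SendThread(192.168.1.124:2181):ClientCnxn$SendThread@1302] - Session establishment complete on server 192.168.1.124/192.168.1.124:2181, sessionid = 0x1000212ad2e0008, negotiated timeout = 30000
WatchedEvent state:SyncConnected type:None path:null
"""

OPEN_RE = re.compile(r"Opening socket connection to server (\S+)\. Will (not )?attempt to")
SESSION_RE = re.compile(r"Session establishment complete on server \S+ sessionid = (0x[0-9a-f]+)")
EVENT_RE = re.compile(r"WatchedEvent state:(\w+)")
# KeeperState names assumed from ZooKeeper itself, not from the post's logs.
SASL_RESULT = {"SaslAuthenticated": "authenticated", "AuthFailed": "failed"}

def classify(log_text):
    """Return one record per connection attempt: server, session id, SASL status."""
    sessions, current = [], None
    for line in log_text.splitlines():
        m = OPEN_RE.search(line)
        if m:
            status = "not_attempted" if m.group(2) else "attempted_no_result"
            current = {"server": m.group(1), "session_id": None, "sasl": status}
            sessions.append(current)
            continue
        if current is None:
            continue
        m = SESSION_RE.search(line)
        if m:
            current["session_id"] = m.group(1)
            continue
        m = EVENT_RE.search(line)
        # A SASL result only makes sense if the client attempted SASL at all.
        if m and m.group(1) in SASL_RESULT and current["sasl"] != "not_attempted":
            current["sasl"] = SASL_RESULT[m.group(1)]
    return sessions

def unauthenticated_sessions(sessions):
    """Sessions the server granted without a confirmed SASL authentication."""
    return [s for s in sessions if s["session_id"] and s["sasl"] != "authenticated"]

if __name__ == "__main__":
    for s in unauthenticated_sessions(classify(SAMPLE_LOG)):
        print(f"{s['session_id']} on {s['server']}: SASL {s['sasl']}")
```

On the post's logs this lists both sessions: the first was established with no SASL attempt, and the second attempted SASL but the excerpt ends before any authentication result is logged.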

 
