[ZOOKEEPER-1764] ZooKeeper attempts at SASL eventhough it shouldn't - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Implemented
Affects Version/s: 3.4.4
Fix Version/s: 3.4.6
Component/s: java client
Labels:
None

Release Note:
Solved by ~~ZOOKEEPER-1657~~

Description

We are using a proprietary SASL solution, but we don't want to use it with ZooKeeper. Unfortunately it seems, that there is no way to disable SASL for ZooKeeper as the code only checks for presence of "java.security.auth.login.config" system property to determine whether SASL should be used or not.
For us it means, that ZooKeeper client just shuts down after SASL is initialized. What happens:

1) System.getProperty("java.security.auth.login.config") is initially null
2) ZooKeeper is initialized and used
3) Our JAAS/SASL component is initialized
4) System.getProperty("java.security.auth.login.config") is not null anymore
5) ZooKeeperSaslClient.clientTunneledAuthenticationInProgress() suddenly picks up the new property and starts returning true
6) ClientCnxnSocketNIO.findSendablePacket() suddenly stops returning any packets since clientTunneledAuthenticationInProgress is always true

The communication is halted and eventually times out.

Attachments

Issue Links

depends upon

ZOOKEEPER-1455 there is no way to determine if a session is sasl authenticated or not

Open

is broken by

ZOOKEEPER-1437 Client uses session before SASL authentication complete

Resolved

is superceded by

ZOOKEEPER-1657 Increased CPU usage by unnecessary SASL checks

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Kuba Skopal

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 25/Sep/13 09:51

Updated:: 13/Mar/14 18:17

Resolved:: 25/Sep/13 17:05