标签:zookeeper auth server conf sasl Dzookeeper 服务端
一、zookeeper配置
1、conf/zk_server_jaas.conf
##DIGEST-MD5 authentication
Server {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_super="adminsecret" #用户为super,密码为adminsecret
user_bob="bobsecret";
};
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="bob"
password="bobsecret";
};
注意Server和Client在用户和密码配置之间的区别
2、conf/java.env
CLIENT_JVMFLAGS="${CLIENT_JVMFLAGS} -Djava.security.auth.login.config=/path/to/client/jaas/file.conf"
SERVER_JVMFLAGS="-Djava.security.auth.login.config=/path/to/server/jaas/file.conf \
-Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider \
-Dzookeeper.requireClientAuthScheme=sasl \
-Dzookeeper.jaasLoginRenew=3600000 \
-Dzookeeper.zookeeper.sasl.client=true \
-Dzookeeper.allowSaslFailedClients=false \
-Dzookeeper.sessionRequireClientSASLAuth=true \
"
3、启动zookeeper即可
二、zookeeper强制开启sasl
1、requireClientAuthScheme=sasl
单纯这一行并不顶用,客户端依旧可以以非sasl的方式登录
https://www.likecs.com/ask-9655894.html
2、参数
allowSaslFailedClients=false
sessionRequireClientSASLAuth=true
这俩参数可以控制客户端必须以sasl连接,如果非sasl连接,无法做任何操作
标签:zookeeper,
auth,
server,
conf,
sasl,
Dzookeeper,
服务端
From: https://blog.51cto.com/u_13236892/6459019