Description
Currently the CnxnFactory checks for "java.security.auth.login.config" to decide whether or not to enable SASL.
- zookeeper/server/NIOServerCnxnFactory.java
- zookeeper/server/NettyServerCnxnFactory.java
- configure() checks for "java.security.auth.login.config"
- If present start the new Login("Server", SaslServerCallbackHandler(conf))
- configure() checks for "java.security.auth.login.config"
But since the SaslServerCallbackHandler does the right thing by just checking if getAppConfigurationEntry() is empty, we can allow SASL with JAAS configuration to be set programmatically by just checking whether or not a configuration entry is present instead of "java.security.auth.login.config".
(Something quite similar was done for the SaslClient in ZOOKEEPER-1373)
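The two gating checks side by side, as an added example that is not ZooKeeper's own code: when JAAS is installed programmatically, the system-property check still reports SASL as not configured, while the entry check sees the "Server" section. The class name, helper names and the `user_alice` sample option are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class JaasSectionCheck {
    static final String SECTION = "Server"; // login context name used in the issue

    // Gate described as current behaviour: only a JAAS file named by the system property counts.
    static boolean enabledByProperty() {
        return System.getProperty("java.security.auth.login.config") != null;
    }

    // Gate described as the proposal: any installed Configuration with a "Server" entry counts.
    static boolean enabledByEntry() {
        try {
            AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry(SECTION);
            return entries != null && entries.length > 0;
        } catch (SecurityException e) {
            return false; // some JDKs throw when no login configuration can be located
        }
    }

    // Constructed programmatic JAAS configuration; the user and password are sample values.
    static Configuration programmaticConfig() {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!SECTION.equals(name)) {
                    return null; // no other sections defined
                }
                Map<String, String> options = new HashMap<>();
                options.put("user_alice", "constructed-password");
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(
                        "org.apache.zookeeper.server.auth.DigestLoginModule",
                        LoginModuleControlFlag.REQUIRED, options)
                };
            }
        };
    }

    public static void main(String[] args) {
        System.out.println("before: property=" + enabledByProperty() + " entry=" + enabledByEntry());
        Configuration.setConfiguration(programmaticConfig());
        System.out.println("after:  property=" + enabledByProperty() + " entry=" + enabledByEntry());
    }
}
```

Run it without `-Djava.security.auth.login.config` set to compare the two checks before and after the programmatic configuration is installed.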
Issue Links
- is related to
  - ZOOKEEPER-1455 there is no way to determine if a session is sasl authenticated or not (Open)
- relates to
  - ZOOKEEPER-1373 Hardcoded SASL login context name clashes with Hadoop security configuration override (Resolved)
  - ZOOKEEPER-1503 remove redundant JAAS configuration code in SaslAuthTest and SaslAuthFailTest (Resolved)