-Re: zookeeper ACL issues
Jim Klucar 2012-01-05, 02:14
That worked for the CLI. What is the data in there? base64 encoding of the
Have you heard of anyone trying to implement an OAuth style authentication
for the Authenticator? I was thinking I would have to put in a whole layer
that talked to ZK directly for authentication, but perhaps not.
thanks for help.
On Wed, Jan 4, 2012 at 3:48 PM, Eric Newton <[EMAIL PROTECTED]> wrote:
> In fact, that's why there is an abstraction for the Authenticator,
> hopefully you can replace it with one of your own.
> However, here's the trick for reading the data
> zkCli > addauth digest accumulo:DEFAULT
> If you have changed the value of "instance.secret" in accumulo-site.xml,
> you need to use that value in order to read what is in the node.
> The data there is binary, so you'll need to write some java code to decode
> it... if your process can read accumulo-site.xml, you can use
> ZooReaderWriter to pull the data out: it will always set the additional
> auth flags to be able to read those nodes.
> Let me know if this doesn't make sense, and I can provide more details.
> On Wed, Jan 4, 2012 at 3:09 PM, Jim Klucar <[EMAIL PROTECTED]> wrote:
> > Hey,
> > I've been poking at security features of Accumulo, specifically the
> > user/password stuff in Zookeeper. I was wondering if it would be possible
> > to abstract away the zookeeper ACL authentication, so we could deploy
> > our own instead of using the "digest" ACL stuff in zookeeper. I looked at
> > doing this but got lost a bit in the innards of how Accumulo
> > the znodes. Can anyone provide me some guidance? Specifically, it would
> > useful to know what to do to be able to do an ls of the
> > /accumulo/<instance>/users/<user> zookeeper path from zkCli.sh
> > Thanks,
> > Jim