Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
Accumulo >> mail # dev >> zookeeper ACL issues

Jim Klucar 2012-01-04, 20:09
Eric Newton 2012-01-04, 20:48
Copy link to this message
Re: zookeeper ACL issues
That worked for the CLI. What is the data in there? base64 encoding of the

Have you heard of anyone trying to implement an OAuth style authentication
for the Authenticator? I was thinking I would have to put in a whole layer
that talked to ZK directly for authentication, but perhaps not.

thanks for help.

On Wed, Jan 4, 2012 at 3:48 PM, Eric Newton <[EMAIL PROTECTED]> wrote:

> In fact, that's why there is an abstraction for the Authenticator,
> hopefully you can replace it with one of your own.
> However, here's the trick for reading the data
> zkCli > addauth digest accumulo:DEFAULT
> If you have changed the value of "instance.secret" in accumulo-site.xml,
> you need to use that value in order to read what is in the node.
> The data there is binary, so you'll need to write some java code to decode
> it... if your process can read accumulo-site.xml, you can use
> ZooReaderWriter to pull the data out: it will always set the additional
> auth flags to be able to read those nodes.
> Let me know if this doesn't make sense, and I can provide more details.
> -Eric
> On Wed, Jan 4, 2012 at 3:09 PM, Jim Klucar <[EMAIL PROTECTED]> wrote:
> > Hey,
> >
> > I've been poking at security features of Accumulo, specifically the
> > user/password stuff in Zookeeper. I was wondering if it would be possible
> > to abstract away the zookeeper ACL authentication, so we could deploy
> with
> > our own instead of using the "digest" ACL stuff in zookeeper. I looked at
> > doing this but got lost a bit in the innards of how Accumulo
> authenticates
> > the znodes. Can anyone provide me some guidance?  Specifically, it would
> be
> > useful to know what to do to be able to do an ls of the
> > /accumulo/<instance>/users/<user> zookeeper path from zkCli.sh
> >
> > Thanks,
> > Jim
> >
Eric Newton 2012-01-05, 14:27
John W Vines 2012-01-05, 18:19
Keith Turner 2012-01-05, 18:24
John W Vines 2012-01-05, 20:59