一、zookeeper配置
1、conf/zk_server_jaas.conf
##DIGEST-MD5 authentication
Server {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_super="adminsecret" #用户为super,密码为adminsecret
user_bob="bobsecret";
};
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="bob"
password="bobsecret";
};
注意Server和Client在用户和密码配置之间的区别
2、conf/java.env
CLIENT_JVMFLAGS="${CLIENT_JVMFLAGS} -Djava.security.auth.login.config=/path/to/client/jaas/file.conf"
SERVER_JVMFLAGS="-Djava.security.auth.login.config=/path/to/server/jaas/file.conf
-Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
-Dzookeeper.requireClientAuthScheme=sasl
-Dzookeeper.jaasLoginRenew=3600000
-Dzookeeper.zookeeper.sasl.client=true
-Dzookeeper.allowSaslFailedClients=false
-Dzookeeper.sessionRequireClientSASLAuth=true
"
3、启动zookeeper即可
二、zookeeper强制开启sasl
1、requireClientAuthScheme=sasl
单纯这一行并不顶用,客户端依旧可以以非sasl的方式登录
https://www.likecs.com/ask-9655894.html
2、参数
allowSaslFailedClients=false
sessionRequireClientSASLAuth=true
这俩参数可以控制客户端必须以sasl连接,如果非sasl连接,无法做任何操作
服务器租用托管,机房租用托管,主机租用托管,https://www.e1idc.com