Getting Authentication Not valid while running reconfig Command
I am connecting from ./zkCli.sh and trying to add an server to zookeeper
I see i am authenticated on prompt
2018-03-01 11:21:41,716 [myid:localhost:2181] - INFO
[main-SendThread(localhost:2181):ZooKeeperSaslClient@274] - Client will use
DIGEST-MD5 as SASL mechanism.
2018-03-01 11:21:41,770 [myid:localhost:2181] - INFO
[main-SendThread(localhost:2181):ClientCnxn$SendThread@1113] - Opening
socket connection to server localhost/127.0.0.1:2181. Will attempt to
SASL-authenticate using Login Context section 'Client'
WatchedEvent state:SaslAuthenticated type:None path:null
Even Set ACL doesnt work
[zk: localhost:2181(CONNECTED) 1] setAcl /zookeeper/config
Authentication is not valid : /zookeeper/config
same issue happens with "reconfig" command as well.
*"The dynamic configuration is stored in a special znode
ZooDefs.CONFIG_NODE = /zookeeper/config. This node by default is read only
for all users, except super user and users that's explicitly configured for
*Clients that need to use reconfig commands or reconfig API should be
configured as users that have write access to CONFIG_NODE. By default, only
the super user has full control including write access to CONFIG_NODE.
Additional users can be granted write access through superuser by setting
an ACL that has write permission associated with specified user.*
*A few examples of how to setup ACLs and use reconfiguration API with
authentication can be found in ReconfigExceptionTest.java and
This is the recommended approach. The "skipACL" approach is not recommended
to use from a security perspective unless you don't care about access
control and also running ensembles in a trusted environment.
> We were also facing the same issue, this is how we resolved it:
> Before starting the ZK server, add the following to zkServer.sh -
> This will skip the ACL authentication and you will be able to use reconfig
> Albeit this comes with a risk as you removes all authentication.
> Hope this helps!
> Sent from: http://zookeeper-user.578899.n2.nabble.com/ >