Open zhuliquan opened 2 years ago
It seems it does not work for me.
```
kirbyzhou@Kirby-WorkBook gozktest % go test
2022/03/15 16:06:17 connected to 10.120.238.27:2181
2022/03/15 16:06:17 authenticated: id=75472220670704181, timeout=10000
2022/03/15 16:06:17 failed to init session context while performing kerberos authentication, err: wrong Token ID. Expected 0504, was 6030
2022/03/15 16:06:17 failed to authorize with kerberos, err: wrong Token ID. Expected 0504, was 6030, zookeeper server: kb01.sa:2181
2022/03/15 16:06:17 error in resending auth creds: wrong Token ID. Expected 0504, was 6030
2022/03/15 16:06:17 recv loop terminated: failed to read from connection: read tcp 172.20.9.129:56321->10.120.238.27:2181: use of closed network connection
get [] from zookeeper
PASS
ok gitlab.sensorsdata.cn/kirbyzhou/gozktest 0.555s
```
`kirbyzhou@Kirby-WorkBook gozktest % cat basic_test.go`

```go
package example

import (
	"fmt"
	"testing"
	"time"

	"github.com/go-zookeeper/zk"
)

func TestBasic(t *testing.T) {
	host := "kb01.sa"
	// Connect with SASL/Kerberos, authenticating from a keytab.
	zkConn, _, err := zk.Connect([]string{host}, time.Second*10, zk.WithSASLConfig(
		&zk.SASLConfig{
			SASLType: zk.KERBEROS,
			KerberosConfig: &zk.KerberosConfig{
				KeytabPath:  "./debugresetreset35323.keytab",
				KrbCfgPath:  "/etc/krb5.conf",
				Realm:       "SA",
				Username:    "debugresetreset35323",
				ServiceName: "zookeeper",
			},
		},
	))
	if err != nil {
		panic(err)
	}
	// As posted, the branches are inverted: the Printf runs when Get fails,
	// which is why the run above prints "get [] from zookeeper" and still reports PASS.
	if res, _, err := zkConn.Get("/debugresetreset35323_sa"); err != nil {
		fmt.Printf("get %+v from zookeeper\n", res)
	} else {
		panic(err)
	}
}
```
`% cat conf/jaas.conf`

```
Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  storeKey=false
  keyTab="file:/Users/kirbyzhou/Develop/go-zookeeper/zookeeper/conf/debugresetreset35323.keytab"
  principal="debugresetreset35323@SA"
  useTicketCache=false
  debug=true;
};
```
```
% bin/zkCli.sh -server kb01.sa ls /debugresetreset35323_sa
....
2022-03-15 16:10:45,502 [myid:kb01.sa:2181] - INFO [main-SendThread(kb01.sa:2181):SecurityUtils$1@124] - Client will use GSSAPI as SASL mechanism.
2022-03-15 16:10:45,511 [myid:kb01.sa:2181] - INFO [main-SendThread(kb01.sa:2181):ClientCnxn$SendThread@1112] - Opening socket connection to server kb01.sa/10.120.238.27:2181. Will attempt to SASL-authenticate using Login Context section 'Client'
2022-03-15 16:10:45,528 [myid:kb01.sa:2181] - INFO [main-SendThread(kb01.sa:2181):ClientCnxn$SendThread@959] - Socket connection established, initiating session, client: /172.20.9.129:56923, server: kb01.sa/10.120.238.27:2181
2022-03-15 16:10:45,576 [myid:kb01.sa:2181] - INFO [main-SendThread(kb01.sa:2181):ClientCnxn$SendThread@1394] - Session establishment complete on server kb01.sa/10.120.238.27:2181, sessionid = 0x10c2195b77cc380, negotiated timeout = 30000
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
WATCHER::
WatchedEvent state:SaslAuthenticated type:None path:null
[advertising, applications, backpack, cluster_hosts, deploy_topo, discovery, external, global_conf, monitor, resource, scheduler, sea_area, sensors_node_type, sensors_role_group, service_topology, sp]
```
Sorry, it is a bug of gokrb5, which does not support the old WrapToken format used with RC4.
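
The two values in the error read as the leading bytes of a GSS token: 05 04 is the RFC 4121 Wrap TOK_ID, while 60 30 is how an RFC 1964-style token (the framing RC4-HMAC uses) begins, with an ASN.1 0x60 header and length before the mechanism OID and TOK_ID 02 01. The Go code below is an added example, not part of the thread and not gokrb5's code; `ClassifyGSSToken` and `SampleV1Wrap` are hypothetical names and the sample token is constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// DER bytes of the Kerberos V5 GSS-API mechanism OID 1.2.840.113554.1.2.2.
var krb5OID = []byte{0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02}

// ClassifyGSSToken (hypothetical helper) names a GSS per-message token's framing
// from its leading bytes; nothing is decrypted or verified.
func ClassifyGSSToken(tok []byte) (string, error) {
	if len(tok) < 2 {
		return "", errors.New("token shorter than a TOK_ID")
	}
	switch binary.BigEndian.Uint16(tok) {
	case 0x0504:
		return "RFC 4121 Wrap (v2)", nil
	case 0x0404:
		return "RFC 4121 MIC (v2)", nil
	}
	if tok[0] != 0x60 {
		return "", fmt.Errorf("unknown leading bytes %x", tok[:2])
	}
	// 0x60 opens the RFC 1964 framing: DER length, mechanism OID, then TOK_ID.
	rest := tok[2:]
	if n := int(tok[1] & 0x7f); tok[1]&0x80 != 0 && len(rest) >= n {
		rest = rest[n:] // skip the extra octets of a long-form DER length
	}
	if len(rest) < len(krb5OID)+2 || !bytes.HasPrefix(rest, krb5OID) {
		return "", errors.New("0x60 framing without Kerberos V5 OID and TOK_ID")
	}
	if binary.BigEndian.Uint16(rest[len(krb5OID):]) == 0x0201 {
		return "RFC 1964 Wrap (v1)", nil
	}
	return "", errors.New("RFC 1964 framing, but TOK_ID is not Wrap (0201)")
}

// SampleV1Wrap returns a constructed token: a real-shaped header, then zero bytes as the body.
func SampleV1Wrap() []byte {
	hdr := append([]byte{0x60, 0x30}, krb5OID...)
	hdr = append(hdr, 0x02, 0x01, 0x11, 0x00, 0x10, 0x00, 0xff, 0xff) // TOK_ID, SGN_ALG, SEAL_ALG, filler
	return append(hdr, make([]byte, 29)...)
}

func main() { fmt.Println(ClassifyGSSToken(SampleV1Wrap())) }
```

A client that only accepts the 05 04 form rejects the constructed sample at its first two bytes, 60 30, which matches the values in the log above.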
Usage: