Community Articles
Find and share helpful community-sourced technical articles.
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.


There are time we would want to remove a ZK node in a secure cluster which is ACL protected. Something as below ACLs

[zk: 0] getAcl /infra-solr 'sasl,'infra-solr : cdrwa 'world,'anyone : r 

[zk: 0] rmr /test
Authentication is not valid : /test

Here only read privilege is available to rest.


  • Goto zookeeper home. for e.x cd /usr/hdp/current/zookeeper-server
  • Run below command
java -cp "./zookeeper.jar:lib/slf4j-api-1.6.1.jar" org.apache.zookeeper.server.auth.DigestAuthenticationProvider super:password SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". SLF4J: Defaulting to no-operation (NOP) logger implementation SLF4J: See for further details. super:password->super:DyNYQEQvajljsxlhf5uS4PJ9R28= 
  • Copy the super:DyNYQEQvajljsxlhf5uS4PJ9R28= text and login to Ambari and goto zookeeper config.
  • Add below to zookeeper-env template config
export SERVER_JVMFLAGS="$SERVER_JVMFLAGS -Dzookeeper.DigestAuthenticationProvider.superDigest=super:DyNYQEQvajljsxlhf5uS4PJ9R28="
  • Save and Restart Zookeeper
  • Launch zookeeper cli ( /usr/hdp/current/zookeeper-client/bin/ -server )
  • addauth as below
addauth digest super:password
  • Now try rmr /test -- This should work.


Please be careful while running these on production systems.

Cloudera Employee

It helped. Thanks !

@Santhosh B Gowda,

Thanks. This is very useful

Not applicable

thanks a lot

Super Mentor

@Santhosh B Gowda

Nice article. Very much needed.

Don't have an account?
Version history
Last update:
‎02-09-2017 09:55 AM
Updated by:
Top Kudoed Authors