curator-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cameron McKenzie <mckenzie....@gmail.com>
Subject Re: Configuring SASL scheme authorization
Date Wed, 01 Feb 2017 21:49:10 GMT
hey Stevo,
I'm not aware of any programmatic way to configure SASL stuff (but I've
never used it before, so I could be missing something).

I haven't looked at any security stuff in Java for a while. Does the
location of the JAAS configuration file have to be set via a system
property, or are there other options? While Curator could potentially be
extended to expose an API to set the JAAS configuration, if it's just
essentially setting a system property I'm not sure of the benefit.
Especially when it will have the side effect of modifying the JAAS
configuration for the whole JVM.

cheers
Cam


On Thu, Feb 2, 2017 at 3:12 AM, Stevo Slavić <sslavic@gmail.com> wrote:

> Hello Apache Curator community,
>
> With digest scheme it seemed to be enough to configure
> CuratorFrameworkFactory.Builder authorization with appropriate AuthInfo -
> scheme "digest" and "user:pass" bytes as auth.
>
> By experimenting and checking ZooKeeperServer [1] and
> SASLAuthenticationProvider [2] code, I've got it work with SASL scheme when
> CuratorFrameworkFactory.Builder does not have authorization configured,
> JAAS config file is provisioned and JVM is configured to use it via
> java.security.auth.login.config Java system property.
>
> I'd prefer API support over provisioning via file. Is there equivalent (to
> digest support) Java API in Curator that one can use to configure SASL
> scheme authorization?
>
> Kind regards,
> Stevo Slavic.
>
> [1] http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/
> org/apache/zookeeper/server/ZooKeeperServer.java?view=markup#l1060
> [2] http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/
> org/apache/zookeeper/server/auth/SASLAuthenticationProvider.
> java?view=markup#l30
>

Mime
View raw message