hadoop-zookeeper-user mailing list archives

From Gustavo Niemeyer <gust...@niemeyer.net>
Subject Re: Authentification for Zookeeper Server
Date Tue, 16 Jun 2009 21:53:47 GMT
> I think that the stunnel suggestion actually covers what you want here.
> You can set stunnel up so that it listens to a known port and it decrypts
> and forwards traffic to the local zookeeper client port.  You can guarantee
> that no direct connections are possible to the zookeeper in a variety of
> ways, the simplest being a change to zookeeper to allow it to insist that
> all connections be from localhost.
> Stunnel can also insist on client certificates so that only approved clients
> would be able to connect.

Indeed, this would cover it reasonably well.  I'd still prefer to have
ZooKeeper itself protecting against unauthorized access to its service
so that the deployment would be simpler, but the stunnel solution
should give me a good path without having to invest in patching
ZooKeeper for a while.

Thanks again for the suggestions.

Gustavo Niemeyer
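
The stunnel arrangement discussed in this message, as an added example that is not part of the original e-mail or of the ZooKeeper project. It assumes stunnel 5.x option names; the external port 2281, the host name and all file paths are placeholders. 2181 is ZooKeeper's default client port.

```ini
; ---- ZooKeeper host: /etc/stunnel/zookeeper.conf (placeholder path) ----
; Terminates TLS and forwards plaintext to the local ZooKeeper client port.
; Port 2181 must not be reachable from other hosts (bind ZooKeeper to
; loopback where the release supports it, or drop it at the host firewall);
; otherwise the tunnel can simply be bypassed.
[zookeeper-tls]
client = no
; assumed external TLS port
accept = 0.0.0.0:2281
connect = 127.0.0.1:2181
; server certificate and private key (placeholder paths)
cert = /etc/stunnel/zk-server.pem
key = /etc/stunnel/zk-server.key
; require a client certificate that chains to this CA;
; connections without one are rejected during the handshake
CAfile = /etc/stunnel/zk-clients-ca.pem
verifyChain = yes

; ---- Client host: /etc/stunnel/zk-client.conf (placeholder path) ----
; The application connects to 127.0.0.1:2181 as if ZooKeeper were local;
; stunnel wraps the connection in TLS and presents the client certificate.
[zookeeper-client]
client = yes
accept = 127.0.0.1:2181
; placeholder server name and assumed TLS port
connect = zk1.example.internal:2281
cert = /etc/stunnel/zk-client.pem
key = /etc/stunnel/zk-client.key
; verify the server's certificate chain and host name
CAfile = /etc/stunnel/zk-server-ca.pem
verifyChain = yes
checkHost = zk1.example.internal
```

With this layout ZooKeeper sees every connection as coming from 127.0.0.1, so the client certificate decides who may connect at all, while any local process on the ZooKeeper host can still reach port 2181 directly.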
