nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [nifi] alopresto commented on a change in pull request #4092: NIFI-7115 Add ZooKeeper TLS configuration to Administration Guide
Date Thu, 27 Feb 2020 03:35:22 GMT
alopresto commented on a change in pull request #4092: NIFI-7115 Add ZooKeeper TLS configuration
to Administration Guide
URL: https://github.com/apache/nifi/pull/4092#discussion_r384896964
 
 

 ##########
 File path: nifi-docs/src/main/asciidoc/administration-guide.adoc
 ##########
 @@ -1904,25 +1904,26 @@ that indicates that any user is allowed to have full permissions
to the data, or
 allowed to access the data. Which ACL is used depends on the value of the `Access Control`
property for the `ZooKeeperStateProvider` (see the
 <<state_providers>> section for more information).
 
-In order to use an ACL that indicates that only the Creator is allowed to access the data,
we need to tell ZooKeeper who the Creator is. There are two
+In order to use an ACL that indicates that only the Creator is allowed to access the data,
we need to tell ZooKeeper who the Creator is. There are three
 mechanisms for accomplishing this. The first mechanism is to provide authentication using
Kerberos. See <<zk_kerberos_client>> for more information.
 
-The second option is to use a user name and password. This is configured by specifying a
value for the `Username` and a value for the `Password` properties
+The second option, which additionally ensures that network communication is encrypted, is
to authenticate using an X.509 certificate on a TLS-enabled ZooKeeper server. See
+<<zk_tls_client>> for more information.
+
+The third option is to use a user name and password. This is configured by specifying a value
for the `Username` and a value for the `Password` properties
 for the `ZooKeeperStateProvider` (see the <<state_providers>> section for more
information). The important thing to keep in mind here, though, is that ZooKeeper
 will pass around the password in plain text. This means that using a user name and password
should not be used unless ZooKeeper is running on localhost as a
-one-instance cluster, or if communications with ZooKeeper occur only over encrypted communications,
such as a VPN or an SSL connection. ZooKeeper will be
-providing support for SSL connections in version 3.5.0.
 
 Review comment:
   `user name` -> `username`. 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message