zookeeper-dev mailing list archives

From "Michael Han (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (ZOOKEEPER-1045) Support Quorum Peer mutual authentication via SASL
Date Sun, 03 Jul 2016 20:46:11 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15360675#comment-15360675 ]

Michael Han edited comment on ZOOKEEPER-1045 at 7/3/16 8:46 PM:
----------------------------------------------------------------

bq. For the server-server auth, Kerb principal should be same for all the servers to allow
communicating each other. 

IIUC, this means that we only support a single (shared) Kerberos principal / credential across
all servers for server to server communication, and if so, the failure of my validation against
the case where servers use different Kerberos principals is by design, because I was using
different Kerberos principals on each server for server to server auth validation. [~rakeshr]


was (Author: hanm):
b.q. For the server-server auth, Kerb principal should be same for all the servers to allow
communicating each other. 

IIUC, this means that we only support a single (shared) Kerberos principal / credential across
all servers for server to server communication, and if so, the failure of my validation against
the case where servers use different Kerberos principals is by design, because I was using
different Kerberos principals on each server for server to server auth validation. [~rakeshr]

> Support Quorum Peer mutual authentication via SASL
> --------------------------------------------------
>
>                 Key: ZOOKEEPER-1045
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Eugene Koontz
>            Assignee: Rakesh R
>            Priority: Critical
>             Fix For: 3.4.9, 3.5.3
>
>         Attachments: 0001-ZOOKEEPER-1045-br-3-4.patch, 1045_failing_phunt.tar.gz, ZK-1045-test-case-failure-logs.zip,
>                      ZOOKEEPER-1045-00.patch, ZOOKEEPER-1045-Rolling Upgrade Design Proposal.pdf, ZOOKEEPER-1045-br-3-4.patch,
>                      ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch
>
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers. This bug,
> on the other hand, is for authentication among quorum peers. Hopefully much of the work done
> on SASL integration with Zookeeper for ZOOKEEPER-938 can be used as a foundation for this
> enhancement.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
