From: "Botond Hejj (JIRA)"
To: dev@zookeeper.apache.org
Reply-To: dev@zookeeper.apache.org
Date: Fri, 1 Jul 2016 14:52:10 +0000 (UTC)
Subject: [jira] [Updated] (ZOOKEEPER-2462) force authentication/authorization

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-2462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Botond Hejj updated ZOOKEEPER-2462:
-----------------------------------
    Attachment: ZOOKEEPER-2462.patch

> force authentication/authorization
> ----------------------------------
>
>                 Key: ZOOKEEPER-2462
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2462
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Botond Hejj
>            Priority: Minor
>         Attachments: ZOOKEEPER-2462.patch
>
>
> This change introduces two new config options to force authorization and authentication:
> 1. disableWorldACL
> The purpose of this option is to disable the built-in mechanism which authorizes everyone.
> If it is turned on then the world/anyone usage is ignored. ZooKeeper will not check operations based on world/anyone.
> This option is useful to force some kind of authorization mechanism. This restriction is useful in a strictly audited environment.
> 2. forceAuthentication
> If this option is turned on then ZooKeeper won't authorize any operation if the user has not authenticated either with SASL or with addAuth.
> There is a way to enforce SASL authentication but currently there is no way to enforce authentication using the plugin mechanism. Enforcing authentication for that is more tricky since authentication can come any time later. This option doesn't drop the connection if there was no authentication. It is only throwing NoAuth for any operation until the Auth packet arrives.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
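
The behaviour described in the issue above, as an added example that is not part of the original message or of the attached patch: a simplified Python model of an ACL check with the two options applied. The Entry, Session and Options types, the exact-match comparison of identities, and reading "authenticated" as "at least one identity added through SASL or addAuth" are assumptions of this model, not ZooKeeper's implementation.

```python
# Simplified model of the behaviour described in ZOOKEEPER-2462 (not ZooKeeper code).
from dataclasses import dataclass

READ, WRITE, CREATE, DELETE, ADMIN = 1, 2, 4, 8, 16   # ZooKeeper permission bits

class NoAuth(Exception):
    """Stands in for the NoAuth error returned to the client."""

@dataclass(frozen=True)
class Entry:            # one ACL entry on a znode (hypothetical type)
    perms: int
    scheme: str
    ident: str

@dataclass
class Session:          # hypothetical per-connection state
    auth_ids: set       # {(scheme, id)} added through SASL or addAuth

@dataclass
class Options:          # the two options from the issue, both off by default
    disable_world_acl: bool = False
    force_authentication: bool = False

def check_acl(opts, session, acl, perm):
    """Return None if `perm` is allowed on a node with `acl`, else raise NoAuth."""
    # forceAuthentication: refuse every operation until an Auth packet has arrived.
    # The connection is not dropped, so a later addAuth can still unlock it.
    if opts.force_authentication and not session.auth_ids:
        raise NoAuth("not authenticated")
    for e in acl:
        if not e.perms & perm:
            continue
        if (e.scheme, e.ident) == ("world", "anyone"):
            if opts.disable_world_acl:
                continue            # disableWorldACL: the entry grants nothing
            return
        if (e.scheme, e.ident) in session.auth_ids:   # assumption: exact match
            return
    raise NoAuth("no matching ACL entry")

def allowed(opts, session, acl, perm):
    """Boolean wrapper around check_acl for quick experiments."""
    try:
        check_acl(opts, session, acl, perm)
        return True
    except NoAuth:
        return False
```

In this model, a node whose ACL contains only world:anyone becomes inaccessible to every session once disableWorldACL is on, so such nodes need explicit entries before the option is enabled.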