zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Hunt <ph...@apache.org>
Subject Re: ZooKeeper cwiki - Updated ZooKeeper and SASL auth 1045 work
Date Wed, 14 Dec 2016 03:33:28 GMT
Nice job Rakesh, some comments:

1) the appendix is a great idea, should be useful for many people. One
thing I noticed
"There is no additional dependencies needed to use SASL with Java since it
is part of the the Java Standard Edition." - you might want to mention/link
the JCE? The JVM doesn't come with very modern encryption - some of the
distros use more strong encryption out of the box with kerberos. I've run
into this a number of times (need to also install JCE).

2) consistently use "ZooKeeper" rather than "Zookeeper". Only noticed this
in a few places...

3) on client-server it would be good to mention when it was added (3.4.0+),
similar to what you did with 1045.

4) on "ZooKeeper SASL configurations" the numbering of the bullets starts
at 2.1. and finishes at 2.4. I suspect the formatting didn't copy over
quite right?

5) similar formatting issue for "# Defaulting to

Can we give any insight into how this value should be set? i.e. why is 20
the default and when should it be raised/lowered?

6) can the doc shed any light on why we are recommending
"javax.security.auth.useSubjectCredsOnly=false" ? I'm not familiar with
this myself.

7) "This feature is supported in 3.4 branch" is ambiguous - perhaps
rephrase. What "feature" are you referring to, 1045 or to rolling upgrade?
Also the ref to 3.4 itself is ambiguous - perhaps change to 3.4.10+?

These are some minor nits, overall impressive effort -- thanks again Rakesh!


On Tue, Dec 13, 2016 at 6:56 PM, Rakesh Radhakrishnan <rakeshr@apache.org>

> Hi All,
> I've incorporated ZK-1045 feature details into the Apache ZooKeeper project
> cwiki. Since "ZooKeeper and SASL" section is quite large I've splitted
> ZooKeeper client-server and server-server sections into sub-pages. Please
> read the following page,
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+and+SASL+
> authentication
> *ZooKeeper and SASL authentication*
>    - Client-Server mutual authentication
>    - Server-Server mutual authentication
>    - Appendix: Kerberos, GSSAPI, SASL, and JAAS
> I have reused the content from the "Client-Server" and "Appendix" sections
> from the existing page
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL
> Presently I've maintained this original page as a history, probably we need
> to delete this page after everyone agrees on the changes.
> Appreciate your feedback, thanks!
> Regards,
> Rakesh

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message