zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rakesh Radhakrishnan <rake...@apache.org>
Subject Re: ZooKeeper cwiki - Updated ZooKeeper and SASL auth 1045 work
Date Mon, 16 Jan 2017 17:01:44 GMT
Hi All,

FYI, I'm planning to delete our existing "https://cwiki.apache.org/
confluence/display/ZOOKEEPER/Zookeeper+and+SASL" web page by tomorrow (IST).

Then rename https://cwiki.apache.org/confluence/display/ZOOKEEPER/
ZooKeeper+and+SASL+authentication web page to "https://cwiki.apache.org/
confluence/display/ZOOKEEPER/Zookeeper+and+SASL" in place of the deleted
page.

Please let me know if you have any comments. Thanks!

Regards,
Rakesh

On Tue, Dec 20, 2016 at 6:03 PM, Rakesh Radhakrishnan <rakeshr@apache.org>
wrote:

> Like I mentioned at the beginning of this mail thread, presently I've
> maintained this original page as a history. How about deleting this old
> page now and rename the newly added "https://cwiki.apache.org/
> confluence/display/ZOOKEEPER/ZooKeeper+and+SASL+authentication" in place
> of the old page? I think, that will help the existing webpages to continue
> referring to a valid cwiki ZK sasl page. Otw those links becomes stale.
>
> I could see many blogs, wiki already have a reference link to our existing
> "https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL"
> page.
>
> Following are few blogs/sites which has a reference to the ZK SASL page:-
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 38%3A+ZooKeeper+Authentication
> http://blog.intelligencecomputing.io/security/12409/repost-
> zookeeper-and-sasl
>
> Thanks,
> Rakesh
>
>
> On Tue, Dec 20, 2016 at 7:02 AM, Patrick Hunt <phunt@apache.org> wrote:
>
>> LGTM. Those changes are very helpful, thanks Rakesh!
>>
>> Patrick
>>
>> On Mon, Dec 19, 2016 at 12:04 PM, Rakesh Radhakrishnan <
>> rakeshr@apache.org>
>> wrote:
>>
>> > Thanks a lot Patrick Hunt for the review comments. Please take another
>> look
>> > at the wiki page when you get a chance.
>> >
>> > I've updated the wiki page addressing these,.
>> >
>> > 1) ===> DONE. Added JCE encryption part.
>> > 2) ===> DONE. Corrected case.
>> > 3) ===> DONE. Included version.
>> > 4) ===> DONE. Corrected numbering format.
>> > 5) ===> DONE. Added an example case to understand the tuning mechanism.
>> > 6) ===> DONE. I've removed this part because it can be discussed
>> separately
>> > and added if someone has a use case.
>> > 7) ===> DONE. Rephrased upgrade feature section
>> >
>> > Thanks,
>> > Rakesh
>> >
>> > On Wed, Dec 14, 2016 at 9:03 AM, Patrick Hunt <phunt@apache.org> wrote:
>> >
>> > > Nice job Rakesh, some comments:
>> > >
>> > > 1) the appendix is a great idea, should be useful for many people. One
>> > > thing I noticed
>> > > "There is no additional dependencies needed to use SASL with Java
>> since
>> > it
>> > > is part of the the Java Standard Edition." - you might want to
>> > mention/link
>> > > the JCE? The JVM doesn't come with very modern encryption - some of
>> the
>> > > distros use more strong encryption out of the box with kerberos. I've
>> run
>> > > into this a number of times (need to also install JCE).
>> > >
>> > > 2) consistently use "ZooKeeper" rather than "Zookeeper". Only noticed
>> > this
>> > > in a few places...
>> > >
>> > > 3) on client-server it would be good to mention when it was added
>> > (3.4.0+),
>> > > similar to what you did with 1045.
>> > >
>> > > 4) on "ZooKeeper SASL configurations" the numbering of the bullets
>> starts
>> > > at 2.1. and finishes at 2.4. I suspect the formatting didn't copy over
>> > > quite right?
>> > >
>> > > 5) similar formatting issue for "# Defaulting to
>> > > 20quorum.cnxn.threads.size=20"
>> > >
>> > > Can we give any insight into how this value should be set? i.e. why
>> is 20
>> > > the default and when should it be raised/lowered?
>> > >
>> > > 6) can the doc shed any light on why we are recommending
>> > > "javax.security.auth.useSubjectCredsOnly=false" ? I'm not familiar
>> with
>> > > this myself.
>> > >
>> > > 7) "This feature is supported in 3.4 branch" is ambiguous - perhaps
>> > > rephrase. What "feature" are you referring to, 1045 or to rolling
>> > upgrade?
>> > > Also the ref to 3.4 itself is ambiguous - perhaps change to 3.4.10+?
>> > >
>> > > These are some minor nits, overall impressive effort -- thanks again
>> > > Rakesh!
>> > >
>> > > Patrick
>> > >
>> > >
>> > >
>> > > On Tue, Dec 13, 2016 at 6:56 PM, Rakesh Radhakrishnan <
>> > rakeshr@apache.org>
>> > > wrote:
>> > >
>> > > > Hi All,
>> > > >
>> > > > I've incorporated ZK-1045 feature details into the Apache ZooKeeper
>> > > project
>> > > > cwiki. Since "ZooKeeper and SASL" section is quite large I've
>> splitted
>> > > > ZooKeeper client-server and server-server sections into sub-pages.
>> > Please
>> > > > read the following page,
>> > > >
>> > > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/
>> > > ZooKeeper+and+SASL+
>> > > > authentication
>> > > >
>> > > > *ZooKeeper and SASL authentication*
>> > > >
>> > > >    - Client-Server mutual authentication
>> > > >    - Server-Server mutual authentication
>> > > >    - Appendix: Kerberos, GSSAPI, SASL, and JAAS
>> > > >
>> > > > I have reused the content from the "Client-Server" and "Appendix"
>> > > sections
>> > > > from the existing page
>> > > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/
>> > Zookeeper+and+SASL
>> > > > Presently I've maintained this original page as a history, probably
>> we
>> > > need
>> > > > to delete this page after everyone agrees on the changes.
>> > > >
>> > > > Appreciate your feedback, thanks!
>> > > >
>> > > > Regards,
>> > > > Rakesh
>> > > >
>> > >
>> >
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message