zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Hunt <ph...@apache.org>
Subject Re: ZooKeeper cwiki - Updated ZooKeeper and SASL auth 1045 work
Date Wed, 18 Jan 2017 02:21:50 GMT
Rakesh, send me your cwiki ID and I'll add the proper permissions for you.

Patrick

On Tue, Jan 17, 2017 at 5:58 PM, Rakesh Radhakrishnan <rakeshr@apache.org>
wrote:

> Hi PMCs,
>
> I don't have permission to delete cwiki page. Presently, I have renamed our
> old sasl page to "https://cwiki.apache.org/confluence/display/ZOOKEEPER/
> Zookeeper+and+SASL-Backup". Could you please delete this page from
> ZooKeeper project cwiki pages. Thanks!
>
> Thanks,
> Rakesh
>
> On Mon, Jan 16, 2017 at 10:31 PM, Rakesh Radhakrishnan <rakeshr@apache.org
> >
> wrote:
>
> > Hi All,
> >
> > FYI, I'm planning to delete our existing "https://cwiki.apache.org/conf
> > luence/display/ZOOKEEPER/Zookeeper+and+SASL" web page by tomorrow (IST).
> >
> > Then rename https://cwiki.apache.org/confluence/display/
> > ZOOKEEPER/ZooKeeper+and+SASL+authentication web page to "
> > https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL
> "
> > in place of the deleted page.
> >
> > Please let me know if you have any comments. Thanks!
> >
> > Regards,
> > Rakesh
> >
> > On Tue, Dec 20, 2016 at 6:03 PM, Rakesh Radhakrishnan <
> rakeshr@apache.org>
> > wrote:
> >
> >> Like I mentioned at the beginning of this mail thread, presently I've
> >> maintained this original page as a history. How about deleting this old
> >> page now and rename the newly added "https://cwiki.apache.org/conf
> >> luence/display/ZOOKEEPER/ZooKeeper+and+SASL+authentication" in place of
> >> the old page? I think, that will help the existing webpages to continue
> >> referring to a valid cwiki ZK sasl page. Otw those links becomes stale.
> >>
> >> I could see many blogs, wiki already have a reference link to our
> >> existing "https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zooke
> >> eper+and+SASL" page.
> >>
> >> Following are few blogs/sites which has a reference to the ZK SASL
> page:-
> >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-38%3A+
> >> ZooKeeper+Authentication
> >> http://blog.intelligencecomputing.io/security/12409/repost-z
> >> ookeeper-and-sasl
> >>
> >> Thanks,
> >> Rakesh
> >>
> >>
> >> On Tue, Dec 20, 2016 at 7:02 AM, Patrick Hunt <phunt@apache.org> wrote:
> >>
> >>> LGTM. Those changes are very helpful, thanks Rakesh!
> >>>
> >>> Patrick
> >>>
> >>> On Mon, Dec 19, 2016 at 12:04 PM, Rakesh Radhakrishnan <
> >>> rakeshr@apache.org>
> >>> wrote:
> >>>
> >>> > Thanks a lot Patrick Hunt for the review comments. Please take
> another
> >>> look
> >>> > at the wiki page when you get a chance.
> >>> >
> >>> > I've updated the wiki page addressing these,.
> >>> >
> >>> > 1) ===> DONE. Added JCE encryption part.
> >>> > 2) ===> DONE. Corrected case.
> >>> > 3) ===> DONE. Included version.
> >>> > 4) ===> DONE. Corrected numbering format.
> >>> > 5) ===> DONE. Added an example case to understand the tuning
> mechanism.
> >>> > 6) ===> DONE. I've removed this part because it can be discussed
> >>> separately
> >>> > and added if someone has a use case.
> >>> > 7) ===> DONE. Rephrased upgrade feature section
> >>> >
> >>> > Thanks,
> >>> > Rakesh
> >>> >
> >>> > On Wed, Dec 14, 2016 at 9:03 AM, Patrick Hunt <phunt@apache.org>
> >>> wrote:
> >>> >
> >>> > > Nice job Rakesh, some comments:
> >>> > >
> >>> > > 1) the appendix is a great idea, should be useful for many people.
> >>> One
> >>> > > thing I noticed
> >>> > > "There is no additional dependencies needed to use SASL with Java
> >>> since
> >>> > it
> >>> > > is part of the the Java Standard Edition." - you might want to
> >>> > mention/link
> >>> > > the JCE? The JVM doesn't come with very modern encryption - some
of
> >>> the
> >>> > > distros use more strong encryption out of the box with kerberos.
> >>> I've run
> >>> > > into this a number of times (need to also install JCE).
> >>> > >
> >>> > > 2) consistently use "ZooKeeper" rather than "Zookeeper". Only
> noticed
> >>> > this
> >>> > > in a few places...
> >>> > >
> >>> > > 3) on client-server it would be good to mention when it was added
> >>> > (3.4.0+),
> >>> > > similar to what you did with 1045.
> >>> > >
> >>> > > 4) on "ZooKeeper SASL configurations" the numbering of the bullets
> >>> starts
> >>> > > at 2.1. and finishes at 2.4. I suspect the formatting didn't copy
> >>> over
> >>> > > quite right?
> >>> > >
> >>> > > 5) similar formatting issue for "# Defaulting to
> >>> > > 20quorum.cnxn.threads.size=20"
> >>> > >
> >>> > > Can we give any insight into how this value should be set? i.e.
why
> >>> is 20
> >>> > > the default and when should it be raised/lowered?
> >>> > >
> >>> > > 6) can the doc shed any light on why we are recommending
> >>> > > "javax.security.auth.useSubjectCredsOnly=false" ? I'm not familiar
> >>> with
> >>> > > this myself.
> >>> > >
> >>> > > 7) "This feature is supported in 3.4 branch" is ambiguous - perhaps
> >>> > > rephrase. What "feature" are you referring to, 1045 or to rolling
> >>> > upgrade?
> >>> > > Also the ref to 3.4 itself is ambiguous - perhaps change to
> 3.4.10+?
> >>> > >
> >>> > > These are some minor nits, overall impressive effort -- thanks
> again
> >>> > > Rakesh!
> >>> > >
> >>> > > Patrick
> >>> > >
> >>> > >
> >>> > >
> >>> > > On Tue, Dec 13, 2016 at 6:56 PM, Rakesh Radhakrishnan <
> >>> > rakeshr@apache.org>
> >>> > > wrote:
> >>> > >
> >>> > > > Hi All,
> >>> > > >
> >>> > > > I've incorporated ZK-1045 feature details into the Apache
> ZooKeeper
> >>> > > project
> >>> > > > cwiki. Since "ZooKeeper and SASL" section is quite large
I've
> >>> splitted
> >>> > > > ZooKeeper client-server and server-server sections into
> sub-pages.
> >>> > Please
> >>> > > > read the following page,
> >>> > > >
> >>> > > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/
> >>> > > ZooKeeper+and+SASL+
> >>> > > > authentication
> >>> > > >
> >>> > > > *ZooKeeper and SASL authentication*
> >>> > > >
> >>> > > >    - Client-Server mutual authentication
> >>> > > >    - Server-Server mutual authentication
> >>> > > >    - Appendix: Kerberos, GSSAPI, SASL, and JAAS
> >>> > > >
> >>> > > > I have reused the content from the "Client-Server" and "Appendix"
> >>> > > sections
> >>> > > > from the existing page
> >>> > > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/
> >>> > Zookeeper+and+SASL
> >>> > > > Presently I've maintained this original page as a history,
> >>> probably we
> >>> > > need
> >>> > > > to delete this page after everyone agrees on the changes.
> >>> > > >
> >>> > > > Appreciate your feedback, thanks!
> >>> > > >
> >>> > > > Regards,
> >>> > > > Rakesh
> >>> > > >
> >>> > >
> >>> >
> >>>
> >>
> >>
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message