zookeeper-dev mailing list archives

From "Rakesh R (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ZOOKEEPER-2793) [QP MutualAuth]: Implement a mechanism to build "authzHosts" for dynamic reconfig servers
Date Tue, 17 Oct 2017 17:53:00 GMT

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-2793?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rakesh R updated ZOOKEEPER-2793:
--------------------------------
    Summary: [QP MutualAuth]: Implement a mechanism to build "authzHosts" for dynamic reconfig servers  (was: [QP MutualAuth]: Build a mechanism to build "authzHosts" for dynamic reconfig servers)

> [QP MutualAuth]: Implement a mechanism to build "authzHosts" for dynamic reconfig servers
> -----------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2793
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2793
>             Project: ZooKeeper
>          Issue Type: Sub-task
>          Components: quorum, security
>            Reporter: Rakesh R
>            Assignee: Rakesh R
>             Fix For: 3.5.4, 3.6.0
>
>
> {{QuorumServer}} will do the authorization checks against configured authorized hosts.
> During LE, QuorumLearner will send an authentication packet to QuorumServer. Now, QuorumServer
> will check that the connecting QuorumLearner’s hostname exists in the authorized hosts.
> If it does not exist, then the connecting peer is not authorized to join this ensemble and
> the request will be rejected immediately.
> In {{branch-3.4}}, building the {{authzHosts}} list is pretty straightforward; it can use the
> ensemble server details in the zoo.cfg file. But with dynamic reconfig, it has to consider the
> dynamic add/remove/update of servers, and we need to discuss the ways to handle dynamic cases.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
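
One way the authorized-hosts check described in the issue could follow membership changes, as an added sketch that is not from the issue or from ZooKeeper's code base. The class and method names are hypothetical, the `server.N=host:port:port` line format is assumed, and the hostnames are constructed sample input.

```java
import java.util.*;
import java.util.concurrent.atomic.AtomicReference;

/** Hypothetical sketch, not ZooKeeper code: an authzHosts set that follows reconfig. */
public class AuthzHosts {
    // Immutable snapshot, swapped atomically so a check never sees a half-built set.
    private final AtomicReference<Set<String>> hosts =
            new AtomicReference<>(Collections.<String>emptySet());

    /** Rebuild the whole set from server lines (assumed format: server.N=host:port:port...). */
    public void rebuild(List<String> serverLines) {
        Set<String> next = new HashSet<>();
        for (String line : serverLines) {
            int eq = line.indexOf('=');
            if (!line.startsWith("server.") || eq < 0) continue; // not a server entry
            String addr = line.substring(eq + 1).trim();
            int colon = addr.indexOf(':');
            if (colon <= 0) continue;                            // no host part, skip
            next.add(addr.substring(0, colon).toLowerCase(Locale.ROOT));
        }
        // Replacing rather than adding means a removed server loses authorization.
        hosts.set(Collections.unmodifiableSet(next));
    }

    /** Fail closed: a null or unknown hostname is rejected. */
    public boolean isAuthorized(String peerHost) {
        return peerHost != null
                && hosts.get().contains(peerHost.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        AuthzHosts authz = new AuthzHosts();
        // Constructed static ensemble, as it would appear in zoo.cfg.
        authz.rebuild(Arrays.asList(
                "server.1=zk1.example.com:2888:3888",
                "server.2=zk2.example.com:2888:3888"));
        System.out.println("zk2 before reconfig: " + authz.isAuthorized("zk2.example.com"));

        // Constructed reconfig result: server 2 removed, server 3 added.
        authz.rebuild(Arrays.asList(
                "server.1=zk1.example.com:2888:3888",
                "server.3=zk3.example.com:2888:3888"));
        System.out.println("zk2 after reconfig: " + authz.isAuthorized("zk2.example.com"));
        System.out.println("zk3 after reconfig: " + authz.isAuthorized("zk3.example.com"));
    }
}
```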
