zookeeper-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rakesh R (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (ZOOKEEPER-1045) Support Quorum Peer mutual authentication via SASL
Date Sun, 14 Jul 2019 16:40:00 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16884721#comment-16884721
] 

Rakesh R edited comment on ZOOKEEPER-1045 at 7/14/19 4:39 PM:
--------------------------------------------------------------

*Work around:*
 ZooKeeper-2433 is internally setting hostname as {{null}}, then principal becomes {{zkquorum/null@EXAMPLE.COM}}.
Is it possible for you to explicitly append {{'/null'}} to your principal and give a try ?
{code:java}
DEBUG serviceHostname is 'null' 
DEBUG servicePrincipalName is 'zkquorum' 
DEBUG SASL mechanism(mech) is 'GSSAPI'
{code}
One question, are you looking for both client-server and server-server authentication via
SASL mechanism ?


was (Author: rakeshr):
*Work around:*
 ZooKeeper-2433 is internally setting hostname as {{null, }}then principal becomes {{zkquorum/null@EXAMPLE.COM}}.
Is it possible for you to explicitly append {{'/null'}} to your principal and give a try ?
{code:java}
DEBUG serviceHostname is 'null' 
DEBUG servicePrincipalName is 'zkquorum' 
DEBUG SASL mechanism(mech) is 'GSSAPI'
{code}
One question, are you looking for both client-server and server-server authentication via
SASL mechanism ?

> Support Quorum Peer mutual authentication via SASL
> --------------------------------------------------
>
>                 Key: ZOOKEEPER-1045
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: quorum, security
>            Reporter: Eugene Koontz
>            Assignee: Rakesh R
>            Priority: Critical
>             Fix For: 3.4.10
>
>         Attachments: 0001-ZOOKEEPER-1045-br-3-4.patch, 1045_failing_phunt.tar.gz, HOST_RESOLVER-ZK-1045.patch,
QuorumPeer Mutual Authentication Via Sasl Feature Doc - 2016-Nov-10.pdf, QuorumPeer Mutual
Authentication Via Sasl Feature Doc - 2016-Nov-25.pdf, QuorumPeer Mutual Authentication Via
Sasl Feature Doc - 2016-Nov-29.pdf, QuorumPeer Mutual Authentication Via Sasl Feature Doc
- 2016-Nov-30.pdf, QuorumPeer Mutual Authentication Via Sasl Feature Doc - 2016-Sep-25.pdf,
TEST-org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.txt, ZK-1045-test-case-failure-logs.zip,
ZOOKEEPER-1045 Test Plan.pdf, ZOOKEEPER-1045-00.patch, ZOOKEEPER-1045-Rolling Upgrade Design
Proposal.pdf, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045TestValidationDesign.pdf,
org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.testRollingUpgrade.log
>
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers. This bug,
on the other hand, is for authentication among quorum peers. Hopefully much of the work done
on SASL integration with Zookeeper for ZOOKEEPER-938 can be used as a foundation for this
enhancement.
> Review board: https://reviews.apache.org/r/47354/



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Mime
View raw message