zookeeper-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mocheng Guo (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-3476) Identify client request for quota control
Date Mon, 05 Aug 2019 17:28:00 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-3476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16900257#comment-16900257

Mocheng Guo commented on ZOOKEEPER-3476:

How about we make a configurable option to specify which value to use for client id, the value
can be from security principal like kerberos/tls principal, or can be a string from client
if security is not available. Then this would cover all the use cases.

> Identify client request for quota control
> -----------------------------------------
>                 Key: ZOOKEEPER-3476
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3476
>             Project: ZooKeeper
>          Issue Type: Sub-task
>          Components: server
>            Reporter: Mocheng Guo
>            Priority: Major
> In order to support quota, we need a way to identify clients. If security is enabled,
we might be able to use secured identity inside client certificate. But a generalized client-id
based approach would be better to cover scenario without security.
> The proposal here is to utilize existing zookeeper auth protocol to accept client identity.
>  # The client id should be sent by client once connection is established.
>  # Sending client id is optional. Note that server needs to enable auth provider if client
does send in client id auth request or request would be denied without auth provider on server
>  # client id is JSON withe client_id as mandatory field. Additional fields can be added
like client contact information, client version...
>  # This client identity will be cached in server connection and attached to requests
from the connection.

This message was sent by Atlassian JIRA

View raw message