zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Flavio Junqueira" <fpjunque...@yahoo.com>
Subject RE: Deprecated AuthFastLeaderElection
Date Thu, 19 Dec 2013 02:18:40 GMT
Hi Leo,

AuthFLE implements a simple challenge-response protocol and if I remember
correctly it uses UDP. We haven't been maintaining that LE implementation
because no one at the time seemed interested in having that implementation
of leader election and making sure that all flavors work is a pain, that's
why it is deprecated. 

Are you convinced that it does what you need or you're just exploring at
this point? I'm not aware of folks securing leader election communication,
but that doesn't mean no one is doing it.

-Flavio

-----Original Message-----
From: Leonard Kramer [mailto:leonard.alexander.kramer@googlemail.com] 
Sent: Tuesday, December 17, 2013 5:55 PM
To: user@zookeeper.apache.org
Subject: Deprecated AuthFastLeaderElection

Hello everybody,

I want to deploy a zookeeper-ensemble in a non-secure environment where
every instance is connected over non-seucre channels. So far I've
successfully added TLS-support to the inter-server communication.
My naive approch for upgrading the leader-communication to secure
tls-sockets fails and is also unacceptable slow.

My next guess was using the "AuthFastLeaderElection", but I can't find any
information why this class is deprecated.

So I have basically two questions:
1. Why is AuthFastLeaderElection deprecated?
2. Are there currently any alternatives for securing the LeaderElection? My
basic requirements are integrity and authencity not necessarily encryption.
Has somebody successfully secured the leaderelection by using tools like
stunnel?

Thanks and happy holidays
Leo


Mime
View raw message