zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rakesh R <rake...@huawei.com>
Subject RE: How to secure Zookeeper
Date Fri, 21 Aug 2015 06:25:36 GMT
Hi Daniel,

>>>>>>> It says that Netty is available for SSL in 3.4... is that an
error in the documentation?
Netty is available from 3.4 onwards. But SSL support based on Netty channel is only available
only from 3.5.1 onwards. Unfortunately the http://zookeeper.apache.org/doc/trunk/ docs is
not reflecting the latest changes from the project. It is quite old and last published on
"10/08/2014 14:59:37".

Below are some of the jira tasks related to understand Netty + SSL development history.
ZOOKEEPER-2063, ZOOKEEPER-2120 - Umbrella jira issues
ZOOKEEPER-2119 - updated the zookeeper doc as part of this

Secondly, for authentication zookeeper provides different auth schemes. Please take a look
at these available options.
1) DigestAuthenticationProvider
2) IPAuthenticationProvider
3) SASLAuthenticationProvider (can use Kerberos)
4) X509AuthenticationProvider (SSL)

Reference : 
http://zookeeper.apache.org/doc/trunk/zookeeperProgrammers.html#sc_ZooKeeperPluggableAuthentication
https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL


+Rakesh
-----Original Message-----
From: Daniel Kashtan [mailto:djkashtan@gmail.com] 
Sent: 21 August 2015 02:54
To: user@zookeeper.apache.org
Subject: Re: How to secure Zookeeper

Thank you for the response. The SSL user guide is a great tutorial, but I am using the latest
stable release, 3.4.6. It does not have any Netty capability, so I am out of luck?

At this link:
http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#Communication+using+the+Netty+framework

It says that Netty is available for SSL in 3.4... is that an error in the documentation?

The guide on SASL bewilders me... also from the current docs I somehow missed the section
"Authentication & Authorization Options" at:
http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_authOptions

This part of the documentation describes "zookeeper.DigestAuthenticationProvider.superDigest"...
is that something I can use for authentication?

On Thu, Aug 20, 2015 at 11:41 AM, Ivan Kelly <ivank@apache.org> wrote:

>
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+Us
> er+Guide#ZooKeeperSSLUserGuide-Quorum
>
> This wiki page contains a guide on ssl and auth.
>
> -Ivan
>
> On Thu, Aug 20, 2015 at 5:35 PM Daniel Kashtan <djkashtan@gmail.com>
> wrote:
>
> > Is it possible to authenticate users and use ssl for communication
> between
> > the Zookeeper server and its clients?
> >
> > --
> > -Daniel
> >
>



--
-Daniel
Mime
View raw message