zookeeper-user mailing list archives

From Chris Conroy <ccon...@squareup.com>
Subject Re: How to secure Zookeeper
Date Tue, 25 Aug 2015 22:25:05 GMT
NB: there is currently *no* support for securing the quorum communication.
The recent SSL patches only secure client/server connections.

Related: when do we expect quorum ssl to land? 3.6?

On Fri, Aug 21, 2015 at 2:25 AM, Rakesh R <rakeshr@huawei.com> wrote:

> Hi Daniel,
>
> >>>>>>> It says that Netty is available for SSL in 3.4... is that an error
> in the documentation?
> Netty is available from 3.4 onwards. But SSL support based on the Netty
> channel is available only from 3.5.1 onwards. Unfortunately the
> http://zookeeper.apache.org/doc/trunk/ docs are not reflecting the latest
> changes from the project. They are quite old and were last published on
> "10/08/2014 14:59:37".
>
> Below are some of the jira tasks that help in understanding the Netty + SSL
> development history.
> ZOOKEEPER-2063, ZOOKEEPER-2120 - Umbrella jira issues
> ZOOKEEPER-2119 - updated the zookeeper doc as part of this
>
> Secondly, for authentication zookeeper provides different auth schemes.
> Please take a look at these available options.
> 1) DigestAuthenticationProvider
> 2) IPAuthenticationProvider
> 3) SASLAuthenticationProvider (can use Kerberos)
> 4) X509AuthenticationProvider (SSL)
>
> Reference :
>
> http://zookeeper.apache.org/doc/trunk/zookeeperProgrammers.html#sc_ZooKeeperPluggableAuthentication
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL
>
>
> +Rakesh
> -----Original Message-----
> From: Daniel Kashtan [mailto:djkashtan@gmail.com]
> Sent: 21 August 2015 02:54
> To: user@zookeeper.apache.org
> Subject: Re: How to secure Zookeeper
>
> Thank you for the response. The SSL user guide is a great tutorial, but I
> am using the latest stable release, 3.4.6. It does not have any Netty
> capability, so I am out of luck?
>
> At this link:
>
> http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#Communication+using+the+Netty+framework
>
> It says that Netty is available for SSL in 3.4... is that an error in the
> documentation?
>
> The guide on SASL bewilders me... also from the current docs I somehow
> missed the section "Authentication & Authorization Options" at:
> http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_authOptions
>
> This part of the documentation describes
> "zookeeper.DigestAuthenticationProvider.superDigest"...
> is that something I can use for authentication?
>
> On Thu, Aug 20, 2015 at 11:41 AM, Ivan Kelly <ivank@apache.org> wrote:
>
> >
> > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide#ZooKeeperSSLUserGuide-Quorum
> >
> > This wiki page contains a guide on ssl and auth.
> >
> > -Ivan
> >
> > On Thu, Aug 20, 2015 at 5:35 PM Daniel Kashtan <djkashtan@gmail.com>
> > wrote:
> >
> > > Is it possible to authenticate users and use ssl for communication between
> > > the Zookeeper server and its clients?
> > >
> > > --
> > > -Daniel
> > >
> >
>
>
>
> --
> -Daniel
>
