Return-Path: 
 <user-return-9210-apmail-zookeeper-user-archive=zookeeper.apache.org@zookeeper.apache.org>
X-Original-To: apmail-zookeeper-user-archive@www.apache.org
Delivered-To: apmail-zookeeper-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id C3237107DD
	for <apmail-zookeeper-user-archive@www.apache.org>;
 Thu, 20 Aug 2015 21:23:51 +0000 (UTC)
Received: (qmail 68139 invoked by uid 500); 20 Aug 2015 21:23:50 -0000
Delivered-To: apmail-zookeeper-user-archive@zookeeper.apache.org
Received: (qmail 68094 invoked by uid 500); 20 Aug 2015 21:23:50 -0000
Mailing-List: contact user-help@zookeeper.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@zookeeper.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@zookeeper.apache.org>
List-Post: <mailto:user@zookeeper.apache.org>
List-Id: <user.zookeeper.apache.org>
Reply-To: user@zookeeper.apache.org
Delivered-To: mailing list user@zookeeper.apache.org
Received: (qmail 68079 invoked by uid 99); 20 Aug 2015 21:23:50 -0000
Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Aug 2015 21:23:50 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org)
 with ESMTP id E27041AA848
	for <user@zookeeper.apache.org>; Thu, 20 Aug 2015 21:23:49 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.879
X-Spam-Level: **
X-Spam-Status: No, score=2.879 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
	SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd2-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-us-east.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new,
 port 10024)
	with ESMTP id 6sQDJIHntu4o for <user@zookeeper.apache.org>;
	Thu, 20 Aug 2015 21:23:48 +0000 (UTC)
Received: from mail-yk0-f181.google.com (mail-yk0-f181.google.com
 [209.85.160.181])
	by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with
 ESMTPS id 53FC942B20
	for <user@zookeeper.apache.org>; Thu, 20 Aug 2015 21:23:48 +0000 (UTC)
Received: by ykbi184 with SMTP id i184so51848619ykb.2
        for <user@zookeeper.apache.org>; Thu, 20 Aug 2015 14:23:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=pqZ0FzKVZRYhE3/PspSSOssLl1wAqiCZts6wcp/V3pk=;
        b=S1g+z5AoP6jN7XjHjxEoIEdKa9iVfwgPHnjPCToO+eUoz8BH2NrddRf2PVC5PnPkfh
         4W8OaLHptb4+TqKk9z0GI8e1bj47O6ejhO8vL74vZeFzTcfG4pNCI2yPXtZY5Uv2/lkf
         PRLSfuhqFHkOCaovWKCK5mBA/sEN1E+hZMgk78IACX7CBU+KBoxNkwgGKC5iiht2Fc9B
         OwaeEgK3GBic3MDccR4/wYyXrEirCyb8B9MScj7wRZz1BX0RQH2g6DuMKTNk5xQh9dSk
         J2beLSDWMKHPcnZZ8255NWaqQKhu8RHnyvhV4HRs+p4nej9/tJSNBk17CEdqkp/HbZsD
         dEbw==
MIME-Version: 1.0
X-Received: by 10.129.85.66 with SMTP id j63mr6661161ywb.28.1440105827739;
 Thu, 20 Aug 2015 14:23:47 -0700 (PDT)
Received: by 10.37.98.131 with HTTP; Thu, 20 Aug 2015 14:23:47 -0700 (PDT)
In-Reply-To: 
 <CAJdLeK34qW=2fGEARa9CW5v6ouysRXi3LOeR7LdgeM9Mq1kEDA@mail.gmail.com>
References: 
 <CAMjVhWycCiw3SKDU7G16msf4jrdhnYLmYyf56hBjx2PvX_DuDQ@mail.gmail.com>
	<CAJdLeK34qW=2fGEARa9CW5v6ouysRXi3LOeR7LdgeM9Mq1kEDA@mail.gmail.com>
Date: Thu, 20 Aug 2015 17:23:47 -0400
Message-ID: 
 <CAMjVhWxmz8Dy3OK_Ng9D+3dheyfpyjk+8xxnYyoXKu+jNJO3NA@mail.gmail.com>
Subject: Re: How to secure Zookeeper
From: Daniel Kashtan <djkashtan@gmail.com>
To: user@zookeeper.apache.org
Content-Type: multipart/alternative; boundary=001a113f2bc24d2e98051dc4c4c1

--001a113f2bc24d2e98051dc4c4c1
Content-Type: text/plain; charset=UTF-8

Thank you for the response. The SSL user guide is a great tutorial, but I
am using the latest stable release, 3.4.6. It does not have any Netty
capability, so I am out of luck?

At this link:
http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#Communication+using+the+Netty+framework

It says that Netty is available for SSL in 3.4... is that an error in the
documentation?

The guide on SASL bewilders me... also from the current docs I somehow
missed the section "Authentication & Authorization Options" at:
http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_authOptions

This part of the documentation describes
"zookeeper.DigestAuthenticationProvider.superDigest"...
is that something I can use for authentication?

On Thu, Aug 20, 2015 at 11:41 AM, Ivan Kelly <ivank@apache.org> wrote:

>
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide#ZooKeeperSSLUserGuide-Quorum
>
> This wiki page contains a guide on ssl and auth.
>
> -Ivan
>
> On Thu, Aug 20, 2015 at 5:35 PM Daniel Kashtan <djkashtan@gmail.com>
> wrote:
>
> > Is it possible to authenticate users and use ssl for communication
> between
> > the Zookeeper server and its clients?
> >
> > --
> > -Daniel
> >
>



-- 
-Daniel

--001a113f2bc24d2e98051dc4c4c1--