zookeeper-user mailing list archives

From Chris Nauroth <cnaur...@hortonworks.com>
Subject Re: QOP SASL property
Date Thu, 08 Oct 2015 22:16:51 GMT
Hi Flavio,

It appears that the current code doesn't give us any way to control the
QOP, so it must be always using the default QOP of "auth" (authentication
only).  This is because the calls to Sasl#createSaslClient and
Sasl#createSaslServer pass a hard-coded null for the properties map.

https://github.com/apache/zookeeper/blob/trunk/src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java#L240

https://github.com/apache/zookeeper/blob/trunk/src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java#L288

https://github.com/apache/zookeeper/blob/trunk/src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java#L118

https://github.com/apache/zookeeper/blob/trunk/src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java#L144


If we want to support setting QOP to "auth-int" (authentication +
integrity/man-in-the-middle tampering protection) or "auth-conf"
(authentication + integrity + confidentiality/encryption), then I think
we'll need to make code changes to read a new QOP configuration property,
put it into a Map using Sasl#QOP as the key, and then pass it along to the
Sasl#createSaslClient and Sasl#createSaslServer calls.

Is this what you need?  If so, then I'd be happy to write up the proposal
in a new JIRA.  I didn't find any existing open JIRAs that look relevant.

--Chris Nauroth




On 10/8/15, 2:06 PM, "Flavio Junqueira" <fpj@apache.org> wrote:

>Has anyone tried to use the QOP (Quality of Protection) property for SASL
>when running ZooKeeper?
>
>-Flavio  
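
The change proposed in the message above, as an added example (not ZooKeeper's code and not part of the original message): an in-process DIGEST-MD5 handshake with the JDK's javax.security.sasl, comparing a null properties map with one keyed by Sasl.QOP. The class name, credentials, host name and the choice of DIGEST-MD5 are assumptions made for the demo.

```java
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class SaslQopDemo {
    // Constructed demo credentials and names; none of these come from ZooKeeper.
    static final String USER = "demo-user", PASS = "demo-secret";
    static final String PROTOCOL = "zookeeper", HOST = "zk.example.test";

    // One handler serves both sides: DIGEST-MD5 needs the same shared secret on each.
    static final CallbackHandler HANDLER = callbacks -> {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) ((NameCallback) cb).setName(USER);
            else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(PASS.toCharArray());
            else if (cb instanceof RealmCallback) ((RealmCallback) cb).setText(((RealmCallback) cb).getDefaultText());
            else if (cb instanceof AuthorizeCallback) {
                AuthorizeCallback ac = (AuthorizeCallback) cb;
                ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
            } else throw new UnsupportedCallbackException(cb);
        }
    };

    // Runs one in-memory DIGEST-MD5 handshake and returns the QOP both sides settled on.
    static String negotiate(Map<String, String> props) throws SaslException {
        SaslServer server = Sasl.createSaslServer("DIGEST-MD5", PROTOCOL, HOST, props, HANDLER);
        SaslClient client = Sasl.createSaslClient(new String[] {"DIGEST-MD5"}, null, PROTOCOL, HOST, props, HANDLER);
        byte[] token = server.evaluateResponse(new byte[0]);   // server challenge
        token = client.evaluateChallenge(token);               // client response
        token = server.evaluateResponse(token);                // server rspauth
        client.evaluateChallenge(token);                       // client verifies the server
        if (!client.isComplete() || !server.isComplete()) throw new SaslException("handshake incomplete");
        String qop = (String) client.getNegotiatedProperty(Sasl.QOP);
        if (!qop.equals("auth")) {
            // With auth-int/auth-conf every message must pass through wrap()/unwrap().
            byte[] msg = "ping".getBytes();
            byte[] wire = client.wrap(msg, 0, msg.length);
            byte[] back = server.unwrap(wire, 0, wire.length);
            if (!new String(back).equals("ping")) throw new SaslException("unwrap mismatch");
        }
        client.dispose(); server.dispose();
        return qop;
    }

    public static void main(String[] args) throws SaslException {
        System.out.println("null props         -> " + negotiate(null));
        System.out.println("Sasl.QOP=auth-int  -> " + negotiate(Map.of(Sasl.QOP, "auth-int")));
        System.out.println("Sasl.QOP=auth-conf -> " + negotiate(Map.of(Sasl.QOP, "auth-conf")));
    }
}
```

With a null map the handshake settles on "auth", so traffic after authentication has no integrity or confidentiality protection from SASL; the other two calls only take effect because both peers receive the same Sasl.QOP value and then wrap and unwrap every message.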

