zookeeper-user mailing list archives

From Michael Han <h...@cloudera.com>
Subject Re: security
Date Thu, 15 Dec 2016 18:47:47 GMT
>> is there any plan to support SSL
There is ZOOKEEPER-1000
<https://issues.apache.org/jira/browse/ZOOKEEPER-1000>, but no one is
actively pushing this.

>>  Does zookeeper provide KDC HA as off-shelf support?
HA of KDC is not part of ZooKeeper's responsibility. KDC has its own HA
solutions (i.e. through master slave replication). The test report is a
record of what's done for the purpose of testing, and is not a reference
for a product deployment.


On Thu, Dec 15, 2016 at 2:34 AM, FaXin Zhong <faxin.zhong@ericsson.com>
wrote:

> Hi,
>
> Many thanks for the info.  For the server-server communication, is there
> any plan to support SSL as well?  We better have one security approach for
> client and server.
>
> The test report mentions installing the KDC on server 1, how to secure the
> KDC HA? Does zookeeper provide KDC HA as off-shelf support?
>
> BRs/Faxin
>
> -----Original Message-----
> From: Rakesh Radhakrishnan [mailto:rakeshr@apache.org]
> Sent: den 14 december 2016 14:24
> To: user@zookeeper.apache.org
> Subject: Re: security
>
> Hi,
>
> Adding one more point to the above. Please refer to the test report here,
> https://goo.gl/qNR45M
>
> Both the issues mentioned in the report have been discussed.
> Problem-1)  This has been taken care and corrected the document
> Problem-2) This is a deployment mistake. Please go through the analysis
> section and has to be taken care during deployment.
>
> Thanks,
> Rakesh
>
> On Wed, Dec 14, 2016 at 6:41 PM, Rakesh Radhakrishnan <rakeshr@apache.org>
> wrote:
>
> > 1 => AFAIK, there are many companies adopted 3.5.x latest alpha
> > version and no major issues reported so far. I hope beta release will
> > be out soon at the first quarter of next year if there is no
> > blockers/critical issues by anyone. IIUC, 3.5.3 release discussion is
> > in progress. Probably, you can do a trial run and start
> > analyzing/understanding the changes in 3.5.x latest version
> > (3.5.2-alpha) for smooth adoption to your eco system.
> >
> > 2 => Thanks for the interest on this feature. This work has been
> > committed into the branch 3.4 recently (two weeks back) and planning
> > 3.4.10 release asap including this feature. Again, the release
> > discussion is in progress.
> > This feature has been tested by multiple folks and the test reports
> > are available. Please go through the below links to understand more on
> > this.
> > I'd really appreciate if you could test this feature and publish
> > feedback.
> > Thanks! Please feel free to contact or discuss issues, some of us will
> > help you. There are plans to forward port this feature to branch 3.5
> > via ZOOKEEPER-2639 task.
> >
> > https://qnalist.com/questions/7332914/test-plan-for-zk-1045-call-for-volunteers
> > https://issues.apache.org/jira/secure/attachment/12834567/ZOOKEEPER-1045%20Test%20Plan.pdf
> > - The problems mentioned in this test report is already taken care.
> >
> > Feature documentation is getting ready and draft version is available
> > here.
> > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+and+SASL+authentication
> > Documentation review is going on.
> >
> > Regards,
> > Rakesh
> >
> > On Wed, Dec 14, 2016 at 5:54 PM, FaXin Zhong
> > <faxin.zhong@ericsson.com>
> > wrote:
> >
> >> Hi,
> >>
> >> Our product is using zookeeper. I have some security questions about
> >> zookeeper as below.
> >>
> >>
> >> 1.       We want to use ssl for the client-server communication,
> >> zookeeper supports it since 3.5.1, while it's alpha version,  is it
> >> OK to upgrade zookeeper to 3.5.1 or latest? We are currently using
> >> 3.4.8 for customers.
> >>
> >>
> >> 2.       Does zookeeper support server-server secure communication as
> >> well?  Or any plan? I don't find it in zookeeper documents, but found
> >> some JIRA stuff
> >> "ZOOKEEPER-1045 <https://issues.apache.org/jira/browse/ZOOKEEPER-1045>
> >> covers server-server mutual authentication by SASL", what do
> >> you think of it for commercial usage?
> >>
> >>
> >> Thanks a lot!
> >>
> >> BRs/Faxin
> >>
> >
> >
>



-- 
Cheers
Michael.
