zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From FaXin Zhong <faxin.zh...@ericsson.com>
Subject RE: security
Date Thu, 15 Dec 2016 10:34:44 GMT

Many thanks for the info.  For the server-server communication, is there any plan to support
SSL as well?  We better have one security approach for client and server.

The test report mentions installing the KDC on sever 1, how to secure the KDC HA? Does zookeeper
provide KDC HA as off-shelf support?


-----Original Message-----
From: Rakesh Radhakrishnan [mailto:rakeshr@apache.org] 
Sent: den 14 december 2016 14:24
To: user@zookeeper.apache.org
Subject: Re: security


Adding one more point to the above. Please refer the test report here, https://goo.gl/qNR45M

Both the issues mentioned in the report has been discussed.
Problem-1)  This has been taken care and corrected the document
Problem-2) This is a deployment mistake. Please go through the analysis section and has to
be taken care during deployment.


On Wed, Dec 14, 2016 at 6:41 PM, Rakesh Radhakrishnan <rakeshr@apache.org>

> 1 => AFAIK, there are many companies adopted 3.5.x latest alpha 
> version and no major issues reported so far. I hope beta release will 
> be out soon at the first quarter of next year if there is no 
> blockers/critical issues by anyone. IIUC, 3.5.3 release discussion is 
> in progress. Probably, you can do a trial run and start 
> analyzing/understanding the changes in 3.5.x latest version (3.5.2-alpha) for smooth
adoption to your eco system.
> 2 => Thanks for the interest on this feature. This work has been 
> committed into the branch 3.4 recently(two weeks back) and planning 
> 3.4.10 release asap including this feature. Again, the release discussion is in progress.
> This feature has been tested by multiple folks and the test reports 
> are available. Please go through the below links to understand more on this.
> I'd really appreciate if you could test this feature and publish feedback.
> Thanks! Please feel free to contact or discuss issues, some of us will 
> help you. There are plans to forward port this feature to branch 3.5 
> via
> ZOOKEEPER-2639 task.
> https://qnalist.com/questions/7332914/test-plan-for-zk-1045-
> call-for-volunteers
> https://issues.apache.org/jira/secure/attachment/12834567/ZO
> OKEEPER-1045%20Test%20Plan.pdf - The problems mentioned in this test 
> report is already taken care.
> Feature documentation is getting ready and draft version is available here.
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKee
> per+and+SASL+authentication
> Documentation review is going on.
> Regards,
> Rakesh
> On Wed, Dec 14, 2016 at 5:54 PM, FaXin Zhong 
> <faxin.zhong@ericsson.com>
> wrote:
>> Hi,
>> Our product is using zookeeper. I have some security questions about 
>> zookeeper as below.
>> 1.       We want to use ssl for the client-server communication,
>> zookeeper supports it since 3.5.1, while it's alpha version,  is it 
>> OK to upgrade zookeeper to 3.5.1 or latest? We are currently using 
>> 3.4.8 for customers.
>> 2.       Does zookeeper support server-server secure communication as
>> well?  Or any plan? I don't find it in zookeeper documents, but found 
>> some JIRA stuff 
>> "ZOOKEEPER-1045<https://issues.apache.org/jira/browse/ZOOKEE
>> PER-1045> covers server-server mutual authentication by SASL", what 
>> PER-1045> do
>> you think of it for commercial usage?
>> Thanks a lot!
>> BRs/Faxin
View raw message