zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rakesh Radhakrishnan <rake...@apache.org>
Subject Re: Observer properties for SASL authentication in 3.4.13 version
Date Tue, 25 Sep 2018 07:12:21 GMT
Thanks Ram for the interest on this feature.

Yes, user can enable SASL for Observer nodes as well. In general,
QuorumLearner will send authentication packet to peer QuorumServer.
Observer is a learner which follows the same quorum authentication protocol
and auth logic will work fine.

FYI, hope you are referring below links for configurations,
https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
https://blog.cloudera.com/blog/2017/01/hardening-apache-zookeeper-security-sasl-quorum-peer-mutual-authentication-and-authorization/

Please let us know if you are facing any issues.

Thanks,
Rakesh

On Mon, Sep 24, 2018 at 8:31 AM rammohan ganapavarapu <
rammohanganap@gmail.com> wrote:

> Hi,
>
> Do we need to configure any thing on observer nodes for SASL
> authentication?
>
> tcpKeepAlive=true ( this is not for sasl but just asking )
>
> quorum.auth.enableSasl=true
> quorum.auth.learnerRequireSasl=true
> quorum.auth.serverRequireSasl=true
>
> What will happen if i set these properties on observers nodes as well ?
>
> Thanks,
> Ram
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message