zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rakesh R <rake...@huawei.com>
Subject RE: authorize and authenticate zookeeper nodes
Date Fri, 19 Sep 2014 05:27:41 GMT
Hi Sucheta,

Yes its possible to do by setting the ACLs and the authentication schemes(IP, Digest, Sasl
schemes) available in ZK. 

>>>>1) Zookeeper znode should be accessed by selected ip addresses only.
>>>>2) Zookeeper znode should be accessed by selected users only.

Let me try to brief the ACLs through the examples.

IP Example:
		    ArrayList<ACL> testACL = new ArrayList<ACL>();
                testACL.add(new ACL(Perms.ADMIN, new Id("ip", "127.0.0.1")));
                zk.create("/acltest", new byte[0], testACL, CreateMode.PERSISTENT);
                zk.getACL("/acltest", new Stat());

User Example:
           
		zk1 = // create zk client
            zk1.addAuthInfo("digest", "ben:passwd".getBytes());
            zk1.create("/acltest", new byte[0], Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT);
            
            zk2 = // create another client
            zk2.addAuthInfo("digest", "ben:passwd2".getBytes()); 
		zk2.getData("/acltest", false, new Stat()); // Accessing this will throw Auth exceptions.

Sasl Example: Refer org.apache.zookeeper.test.SaslAuthTest.java

Also, please see my below mail thread about the Wiki pages (replied on yesterday).

-Rakesh
-----Original Message-----
From: Rakesh R 
Sent: 18 September 2014 10:29
To: 'user@zookeeper.apache.org'; zookeeper-user@hadoop.apache.org
Subject: RE: authorize and authenticate zookeeper nodes


Yes, there are different authentication schemes available in ZooKeeper and is pluggable. Based
on the usecase one can choose it.

Please see the wiki page to get more details:
https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL

-Rakesh

-----Original Message-----
From: Sucheta [mailto:sharma.sucheta@gmail.com] 
Sent: 18 September 2014 08:38
To: zookeeper-user@hadoop.apache.org
Subject: authorize and authenticate zookeeper nodes

Hi,

I want to authorize and authenticate zookeeper nodes so that:-

1) Zookeeper znode should be accessed by selected ip addresses only.
2) Zookeeper znode should be accessed by selected users only.

Please let me know how to do this. Can we use openAM for this?



--
View this message in context: http://zookeeper-user.578899.n2.nabble.com/authorize-and-authenticate-zookeeper-nodes-tp7580303.html
Sent from the zookeeper-user mailing list archive at Nabble.com.

Mime
View raw message