From: Rakesh R
To: "sharma.sucheta@gmail.com", "user@zookeeper.apache.org", "zookeeper-user@hadoop.apache.org"
Subject: RE: authorize and authenticate zookeeper nodes
Date: Fri, 19 Sep 2014 05:27:41 +0000

Hi Sucheta,

Yes, it's possible to do this by setting the ACLs and using the authentication schemes (IP, Digest, SASL schemes) available in ZK.

>>>>1) Zookeeper znode should be accessed by selected ip addresses only.
>>>>2) Zookeeper znode should be accessed by selected users only.

Let me try to briefly explain the ACLs through examples.

IP Example:

    // Grant the ADMIN permission to clients connecting from 127.0.0.1
    ArrayList<ACL> testACL = new ArrayList<ACL>();
    testACL.add(new ACL(Perms.ADMIN, new Id("ip", "127.0.0.1")));
    zk.create("/acltest", new byte[0], testACL, CreateMode.PERSISTENT);
    zk.getACL("/acltest", new Stat());

User Example:

    // Authenticate as user "ben" and create the znode with creator-only access
    zk1 = // create zk client
    zk1.addAuthInfo("digest", "ben:passwd".getBytes());
    zk1.create("/acltest", new byte[0], Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT);

    // A second client presenting a different password for "ben"
    zk2 = // create another client
    zk2.addAuthInfo("digest", "ben:passwd2".getBytes());
    zk2.getData("/acltest", false, new Stat()); // Accessing this will throw Auth exceptions.

Sasl Example:
Refer to org.apache.zookeeper.test.SaslAuthTest.java

Also, please see my mail thread below about the Wiki pages (replied yesterday).

-Rakesh

-----Original Message-----
From: Rakesh R
Sent: 18 September 2014 10:29
To: 'user@zookeeper.apache.org'; zookeeper-user@hadoop.apache.org
Subject: RE: authorize and authenticate zookeeper nodes

Yes, there are different authentication schemes available in ZooKeeper and they are pluggable. Based on the use case, one can choose one.
Please see the wiki page to get more details:
https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL

-Rakesh

-----Original Message-----
From: Sucheta [mailto:sharma.sucheta@gmail.com]
Sent: 18 September 2014 08:38
To: zookeeper-user@hadoop.apache.org
Subject: authorize and authenticate zookeeper nodes

Hi,

I want to authorize and authenticate zookeeper nodes so that:-

1) Zookeeper znode should be accessed by selected ip addresses only.
2) Zookeeper znode should be accessed by selected users only.

Please let me know how to do this. Can we use openAM for this?

--
View this message in context: http://zookeeper-user.578899.n2.nabble.com/authorize-and-authenticate-zookeeper-nodes-tp7580303.html
Sent from the zookeeper-user mailing list archive at Nabble.com.
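
Added example, not part of the thread and not ZooKeeper project code: a simplified Python model of how the server matches the "ip" and "digest" ACL entries used in the examples above, showing why the second client is refused and that the entries of one ACL list are alternatives rather than a conjunction. The function names, the sample ACL lists and the 10.0.0.0/24 network are constructed for illustration.

```python
import base64
import hashlib
import ipaddress

# Permission bits as defined in ZooDefs.Perms
READ, WRITE, CREATE, DELETE, ADMIN = 1, 2, 4, 8, 16
ALL = READ | WRITE | CREATE | DELETE | ADMIN


def digest_id(user_password):
    """Digest-scheme id: user:base64(sha1("user:password"))."""
    user = user_password.split(":", 1)[0]
    sha1 = hashlib.sha1(user_password.encode("utf-8")).digest()
    return user + ":" + base64.b64encode(sha1).decode("ascii")


def session_ids(client_ip, auth_infos=()):
    """Ids a session carries: its source IP plus one per digest addAuthInfo."""
    return [("ip", client_ip)] + [("digest", digest_id(a)) for a in auth_infos]


def entry_matches(scheme, acl_id, ids):
    """True if any session id satisfies one ACL entry."""
    if (scheme, acl_id) == ("world", "anyone"):
        return True
    for id_scheme, value in ids:
        if id_scheme != scheme:
            continue
        if scheme == "digest" and value == acl_id:
            return True
        if scheme == "ip":
            net = ipaddress.ip_network(acl_id, strict=False)  # "addr" or "addr/bits"
            if ipaddress.ip_address(value) in net:
                return True
    return False


def allowed(acl, perm, ids):
    """Entries are alternatives: one matching entry that carries the bit suffices."""
    return any(perms & perm and entry_matches(s, i, ids) for perms, s, i in acl)


# Constructed sample ACLs mirroring the mail's examples.
BEN = digest_id("ben:passwd")
USER_ACL = [(ALL, "digest", BEN)]        # CREATOR_ALL_ACL as created by ben
IP_ACL = [(ADMIN, "ip", "127.0.0.1")]    # the IP example
BOTH_ACL = [(READ, "digest", BEN), (READ, "ip", "10.0.0.0/24")]  # constructed network
```

In this model a 127.0.0.1 session holds ADMIN on IP_ACL but not READ, and a 10.0.0.x session with no password can read BOTH_ACL, so putting an ip entry and a digest entry on one znode admits a client that matches either.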