From user-return-11706-archive-asf-public=cust-asf.ponee.io@zookeeper.apache.org Mon Sep 24 22:09:08 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id CDD5E180649 for ; Mon, 24 Sep 2018 22:09:07 +0200 (CEST) Received: (qmail 61032 invoked by uid 500); 24 Sep 2018 20:09:01 -0000 Mailing-List: contact user-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@zookeeper.apache.org Delivered-To: mailing list user@zookeeper.apache.org Received: (qmail 61014 invoked by uid 99); 24 Sep 2018 20:09:00 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Sep 2018 20:09:00 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 8B944184DBE for ; Mon, 24 Sep 2018 20:09:00 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.888 X-Spam-Level: * X-Spam-Status: No, score=1.888 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id xpXbdr9kTZWc for ; Mon, 24 Sep 2018 20:08:59 +0000 (UTC) Received: from mail-io1-f43.google.com (mail-io1-f43.google.com [209.85.166.43]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 7B6DF5F3EE for ; Mon, 24 Sep 2018 20:08:59 +0000 (UTC) Received: by mail-io1-f43.google.com with SMTP id w11-v6so18689085iob.2 for ; Mon, 24 Sep 2018 13:08:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=gsabl7xUlerGwGOTxSYWX8QbJKhHDYKjNhYNqB4yyPQ=; b=M54Zm9KXWtm5n8W6YcnH884vsdDP1qiDNRR7Ny3cajwite86GOV0nkP55X6qYhgnNg gFFysOF9sWVtkVPcYABPlMawokPwHVK7xJ6NhqG5dN7RtsDsptbNQbamMDaGfRj8X2k+ n1SqRQy00iVEhuJmq9TSh+KOo3yuJtL/CrJVX32QyeH0hrdR297ZwI8bJbKvPR+/LBKA qXM7JZLq2E2yUzRfJclJSCJRGJKSbQmHFfrhq7ownEn36p3l8KO1R8x65KKAwNwiPw/V li61R9F7DPac8bPZjRlvB+pRnWoOJHVfvtXJJDD14yglyqHHb1gwEaK49rIJMA0eSror vQtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=gsabl7xUlerGwGOTxSYWX8QbJKhHDYKjNhYNqB4yyPQ=; b=nqNBrMRZHrqIfgkSmZoG/7tiBeRKyV0uGHuX2zkSVhBaPZhGlCN14XHW1CNpgQSfRr n9TJj1d5h1lT/OdoQMJFOe77abqhdVN8wntp14xRx0tSQY6ANmL+AkgjnQxiDq5P/UiF huvtJGfFkWrHfMW4Jo0TZJu9BdjixRZFw7RQgavRD0qk+46NN+8y8IW4+YmYqyIIhRbt CsybdYsH3/iKG9qmK5z6adiHuxr1gLL+8b/Jfe5UPvm6OWe+YnPN+5y02TO6fSJ6Esps dIy8ccnq32Q4GHheiORkLRBUV/LJ2y+2m54h1cKtfhAUoCZx1jO82xczcTr+lzNWR7HQ JFeA== X-Gm-Message-State: ABuFfoicWfQO6NVXx7MhXuELRYs+yb9sxKlLj47TP0ewedtvG1M7YIq/ ZeOKmGd94d/bAdr7wyx7wsmhTQTsxNP6BRFsNnpJ0Q== X-Google-Smtp-Source: ACcGV61dQdI9fUPU2MSi4y+SZIFMEIGsfYsvIyuzlAZ9CmTD+kYaLXw1t6+nshnVwIXGZwgcgd1Y4YdPNbBgBNC743U= X-Received: by 2002:a5e:c205:: with SMTP id v5-v6mr389219iop.302.1537819733001; Mon, 24 Sep 2018 13:08:53 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: rammohan ganapavarapu Date: Mon, 24 Sep 2018 13:08:16 -0700 Message-ID: Subject: Re: Observer properties for SASL authentication in 3.4.13 version To: user@zookeeper.apache.org Content-Type: multipart/alternative; boundary="000000000000ea09890576a38e8c" --000000000000ea09890576a38e8c Content-Type: text/plain; charset="UTF-8" Ok, thanks On Mon, Sep 24, 2018 at 11:29 AM Norbert Kalmar wrote: > Unfortunately I'm not entirely sure on this one, and I can't test it out > right now, but shouldn't be any different then a normal follower. So you > should configure SASL the same way. The only difference basically is that > they are non-voters. Everything else works the same. Clients connect and > can send read / write commands. So it would be a huge security hole if an > observer is not configured as well. > > Regards, > Norbert > > On Mon, Sep 24, 2018 at 10:59 AM rammohan ganapavarapu < > rammohanganap@gmail.com> wrote: > > > Any thoughts? > > > > On Sun, Sep 23, 2018 at 8:00 PM rammohan ganapavarapu < > > rammohanganap@gmail.com> wrote: > > > > > Hi, > > > > > > Do we need to configure any thing on observer nodes for SASL > > > authentication? > > > > > > tcpKeepAlive=true ( this is not for sasl but just asking ) > > > > > > quorum.auth.enableSasl=true > > > quorum.auth.learnerRequireSasl=true > > > quorum.auth.serverRequireSasl=true > > > > > > What will happen if i set these properties on observers nodes as well ? > > > > > > Thanks, > > > Ram > > > > > > --000000000000ea09890576a38e8c--