zookeeper-user mailing list archives

From Enrico Olivelli <eolive...@gmail.com>
Subject Re: Authorisation in Zookeeper
Date Tue, 14 Jan 2020 09:35:05 GMT
On Mon, 13 Jan 2020 at 11:06, shrikant kalani <
shrikantkalani@gmail.com> wrote:

> Enrico,
>
> Do you have some examples to show?
>

I am sorry, personally I don't have examples; I am not a direct user of this
feature.
I hope others on the list can give practical examples.

You can check the guide here
https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide


Enrico


>
> Right now my user is authenticated based on host-level certs. How should
> I add the scheme and then add an authorisation rule?
>
> Thanks
> Srikant Kalani
>
> Sent from Mail for Windows 10
>
> From: Enrico Olivelli
> Sent: 11 January 2020 21:05
> To: UserZooKeeper
> Subject: Re: Authorisation in Zookeeper
>
> On Sat, 11 Jan 2020 at 09:31, shrikant kalani <
> shrikantkalani@gmail.com> wrote:
>
> >
> > My system account means a client process running with unix user id.
> >
> > I want user A to have full access while all other users should only read
> > data from znodes.
> >
>
> Yes, ACLs are your way to go
>
> Enrico
>
>
> >
> > Thanks
> > Srikant Kalani
> > Sent from my iPhone
> >
> > > On 11 Jan 2020, at 2:20 PM, Enrico Olivelli <eolivelli@gmail.com> wrote:
> > >
> > > Srikant
> > >
> > > On Sat, 11 Jan 2020, 03:48 shrikant kalani <shrikantkalani@gmail.com> wrote:
> > >
> > >> Hi Zookeeper Users
> > >>
> > >> I have implemented TLS authentication in my cluster. Right now the
> > >> authentication is done based on host name (X509).
> > >>
> > >> Now I want to implement authorisation based on user id, like only my
> > >> system account should be able to read and write data to znodes.
> > >>
> > >
> > > Can you define 'my system account'?
> > > Is your goal that only authenticated users are able to access data?
> > >
> > >
> > > Enrico
> > >
> > >>
> > >> How can I do that? Are ACLs the only solution?
> > >>
> > >> Thanks
> > >> Srikant Kalani
> > >>
> > >> Sent from my iPhone
> >
>
>
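
An added example (not from this thread or from the ZooKeeper project) of the ACL the thread arrives at: full access for user A's X.509 identity, read-only for everyone else. It assumes user A's client presents its own certificate and that the server uses that certificate's subject DN as the `x509` id; the DN, class name and method name are hypothetical placeholders.

```java
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import org.apache.zookeeper.Watcher.Event.KeeperState;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;

public class ZnodeAclExample {
    // Placeholder: subject DN of user A's client certificate. It must match,
    // character for character, the id the server derives from the certificate.
    static final String USER_A_DN = "CN=userA,OU=example,O=Example";

    // user A: create/delete/read/write/admin; every other client: read only.
    static List<ACL> fullForUserAReadForOthers(String userDn) {
        return Arrays.asList(
            new ACL(ZooDefs.Perms.ALL, new Id("x509", userDn)),
            new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE));
    }

    public static void main(String[] args) throws Exception {
        String connect = args[0]; // host:port of the TLS client port
        String path = args[1];    // existing znode to protect
        // Client TLS settings (key store, trust store) are expected as JVM
        // system properties, as described in the ZooKeeper SSL User Guide.
        CountDownLatch connected = new CountDownLatch(1);
        ZooKeeper zk = new ZooKeeper(connect, 30000, event -> {
            if (event.getState() == KeeperState.SyncConnected) {
                connected.countDown();
            }
        });
        try {
            connected.await();
            // The session needs ADMIN permission on the znode to change its ACL.
            // Version -1 skips the ACL version check.
            zk.setACL(path, fullForUserAReadForOthers(USER_A_DN), -1);
            // ACLs are per znode and are not inherited by children,
            // so repeat this for every znode that needs protecting.
            for (ACL acl : zk.getACL(path, new Stat())) {
                System.out.println(acl);
            }
        } finally {
            zk.close();
        }
    }
}
```

With host-level certificates, every process on a host presents the same subject, so this ACL can only separate hosts, not unix users on one host.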
