[
https://issues.apache.org/jira/browse/BOOKKEEPER-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13454782#comment-13454782
]
Rakesh R commented on BOOKKEEPER-390:
-------------------------------------
Hi All,
Here I've just added one test case to show the authentication approach through
ACLs.
Also, I tried to refactor the usage of the ZooKeeper watcher in the patch.
Please follow the steps to have the ZNode ACL support:
- step1# Create the ZooKeeper server principal and the ZooKeeper client
  principal in Kerberos
- step2# Add the client principal to zk-jaas.conf
- step3# Add the following system properties to the bookie process and start
  the bookie:
    -Djava.security.auth.login.config=/home/bookkeeper-server-4.1.1/conf/zk-jaas.conf
    -Dzookeeper.server.principal=zookeeper/hadoop
    -Dzookeeper.authProvider.sasl=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
Could someone have a look at the proposed solution?
Thanks,
Rakesh
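
A preflight check for steps 2 and 3 above, as an added example that is not part of the original comment or the attached patch: it confirms the three system properties are on the bookie's command line and that the JAAS text defines a client login section with a principal. The section name "Client" is ZooKeeper's default for client logins; the client principal and keytab path in the sample are constructed placeholders.

```python
import re

# JVM system properties named in step 3 of the comment above.
REQUIRED_PROPS = ("java.security.auth.login.config",
                  "zookeeper.server.principal",
                  "zookeeper.authProvider.sasl")

def jvm_props(cmdline):
    """Map name -> value for every -Dname=value token on a JVM command line."""
    return dict(re.findall(r"(?:^|\s)-D([^=\s]+)=(\S+)", cmdline))

def jaas_sections(text):
    """Parse JAAS config text into {section: {option: value}}."""
    text = re.sub(r"^[ \t]*//[^\n]*|/\*.*?\*/", "", text, flags=re.S | re.M)
    return {name: dict(re.findall(r'(\w+)\s*=\s*"?([^"\s;]+)"?', body))
            for name, body in re.findall(r"(\w+)\s*\{(.*?)\}\s*;", text, flags=re.S)}

def check_bookie_sasl(cmdline, jaas_text, section="Client"):
    """Return a list of problems; empty means steps 2 and 3 look complete.
    Assumption: the ZooKeeper client reads the JAAS section named "Client"."""
    props = jvm_props(cmdline)
    problems = [f"missing -D{p}" for p in REQUIRED_PROPS if p not in props]
    opts = jaas_sections(jaas_text).get(section)
    if opts is None:
        problems.append(f"no {section} section in JAAS config")
    elif "principal" not in opts:
        problems.append(f"{section} section has no principal")
    elif opts.get("useKeyTab") == "true" and "keyTab" not in opts:
        problems.append(f"{section} section sets useKeyTab without keyTab")
    return problems

# Constructed sample inputs; the client principal and keytab path are placeholders.
SAMPLE_JAAS = """
// login context for the bookie's ZooKeeper session
Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/path/to/bookkeeper.keytab"
  principal="bookkeeper/hadoop@EXAMPLE.COM";
};
"""
SAMPLE_CMD = ("java -Djava.security.auth.login.config=/home/bookkeeper-server-4.1.1/conf/zk-jaas.conf"
              " -Dzookeeper.server.principal=zookeeper/hadoop"
              " -Dzookeeper.authProvider.sasl=org.apache.zookeeper.server.auth.SASLAuthenticationProvider")

if __name__ == "__main__":
    print(check_bookie_sasl(SAMPLE_CMD, SAMPLE_JAAS) or "ok")
    # A JAAS file that only defines a server-side section is reported.
    print(check_bookie_sasl(SAMPLE_CMD, SAMPLE_JAAS.replace("Client", "Server")))
```
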
> Provide support for ZooKeeper authentication
> --------------------------------------------
>
> Key: BOOKKEEPER-390
> URL: https://issues.apache.org/jira/browse/BOOKKEEPER-390
> Project: Bookkeeper
> Issue Type: New Feature
> Components: bookkeeper-client, bookkeeper-server
> Affects Versions: 4.0.0
> Reporter: Rakesh R
> Assignee: Rakesh R
> Attachments: BOOKKEEPER-390-Acl-draftversion.patch
>
>
> This JIRA adds support for protecting the state of Bookkeeper znodes on a
> multi-tenant ZooKeeper cluster.
> Use case: When a user tries to run a ZK cluster in multi-tenant mode, where
> more than one client service would like to share a single ZK service instance
> (cluster). In this case the client services typically want to protect their
> data (ZK znodes) from access by other services (tenants) on the cluster. Say
> you are running BK, HBase or ZKFC instances, etc... having
> authentication/authorization on the znodes is important for both security and
> helping to ensure that services don't interact negatively (touch each other's
> data).
> Presently Bookkeeper does not have support for authentication or
> authorization while accessing ZK. This should be added to the BK
> clients/server that are accessing the ZK cluster. In general it means calling
> addAuthInfo once after a session is established