[jira] [Commented] (BOOKKEEPER-390) Provide support for ZooKeeper authentication

[Flavio Junqueira (JIRA)]

    [ 
https://issues.apache.org/jira/browse/BOOKKEEPER-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13483285#comment-13483285
 ] 

Flavio Junqueira commented on BOOKKEEPER-390:
---------------------------------------------

I'd like to ask a couple of questions just for my own understanding, it is not 
(yet) a criticism to this approach:

# When creating a bookkeeper object, we have the option of passing a zookeeper 
object. What if we require that, in the case of zookeeper authentication 
enabled, the application creates a zookeeper object before using bookkeeper?
# We are moving towards having a MetaStore interface (BOOKKEEPER-204) so that 
we can use different backends to store metadata. Should we be looking into 
implementing a more general approach that fits into the MetaStore interface an 
enables authentication anything that supports SASL?
                
> Provide support for ZooKeeper authentication
> --------------------------------------------
>
>                 Key: BOOKKEEPER-390
>                 URL: https://issues.apache.org/jira/browse/BOOKKEEPER-390
>             Project: Bookkeeper
>          Issue Type: New Feature
>          Components: bookkeeper-client, bookkeeper-server
>    Affects Versions: 4.0.0
>            Reporter: Rakesh R
>            Assignee: Rakesh R
>         Attachments: BOOKKEEPER-390-Acl-draftversion.patch
>
>
> This JIRA adds support for protecting the state of Bookkeeper znodes on a 
> multi-tenant ZooKeeper cluster.
> Use case: When user tries to run a ZK cluster in multitenant mode,  where 
> more than one client service would like to share a single ZK service instance 
> (cluster). In this case the client services typically want to protect their 
> data (ZK znodes) from access by other services (tenants) on the cluster. Say 
> you are running BK, HBase or ZKFC instances, etc... having 
> authentication/authorization on the znodes is important for both security and 
> helping to ensure that services don't interact negatively (touch each other's 
> data).
> Presently Bookkeeper does not have support for authentication or 
> authorization while accessing to ZK. This should be added to the BK 
> clients/server that are accessing the ZK cluster. In general it means calling 
> addAuthInfo once after a session is established

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira