[
https://issues.apache.org/jira/browse/BOOKKEEPER-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13483285#comment-13483285
]
Flavio Junqueira edited comment on BOOKKEEPER-390 at 10/24/12 3:05 PM:
-----------------------------------------------------------------------
I'd like to ask a couple of questions just for my own understanding, it is not
(yet) a criticism to this approach:
# When creating a bookkeeper object, we have the option of passing a zookeeper
object. What if we require that, in the case of zookeeper authentication
enabled, the application creates a zookeeper object before using bookkeeper?
# We are moving towards having a MetaStore interface (BOOKKEEPER-204) so that
we can use different backends to store metadata. Should we be looking into
implementing a more general approach that fits into the MetaStore interface and
enables authentication for anything that supports SASL?
was (Author: fpj):
I'd like to ask a couple of questions just for my own understanding, it is
not (yet) a criticism to this approach:
# When creating a bookkeeper object, we have the option of passing a zookeeper
object. What if we require that, in the case of zookeeper authentication
enabled, the application creates a zookeeper object before using bookkeeper?
# We are moving towards having a MetaStore interface (BOOKKEEPER-204) so that
we can use different backends to store metadata. Should we be looking into
implementing a more general approach that fits into the MetaStore interface an
enables authentication anything that supports SASL?
> Provide support for ZooKeeper authentication
> --------------------------------------------
>
> Key: BOOKKEEPER-390
> URL: https://issues.apache.org/jira/browse/BOOKKEEPER-390
> Project: Bookkeeper
> Issue Type: New Feature
> Components: bookkeeper-client, bookkeeper-server
> Affects Versions: 4.0.0
> Reporter: Rakesh R
> Assignee: Rakesh R
> Attachments: BOOKKEEPER-390-Acl-draftversion.patch
>
>
> This JIRA adds support for protecting the state of Bookkeeper znodes on a
> multi-tenant ZooKeeper cluster.
> Use case: When user tries to run a ZK cluster in multitenant mode, where
> more than one client service would like to share a single ZK service instance
> (cluster). In this case the client services typically want to protect their
> data (ZK znodes) from access by other services (tenants) on the cluster. Say
> you are running BK, HBase or ZKFC instances, etc... having
> authentication/authorization on the znodes is important for both security and
> helping to ensure that services don't interact negatively (touch each other's
> data).
> Presently Bookkeeper does not have support for authentication or
> authorization while accessing to ZK. This should be added to the BK
> clients/server that are accessing the ZK cluster. In general it means calling
> addAuthInfo once after a session is established
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
