[ 
https://issues.apache.org/jira/browse/BOOKKEEPER-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13685943#comment-13685943
 ] 

Rakesh R commented on BOOKKEEPER-390:
-------------------------------------

bq.cookies, bkreg, auditorvote are coordination entities. 

[~ikelly] I agree with you. I've created BOOKKEEPER-628 and am trying to unify 
the ZK usage in bookie server & bookie admin side operations. Presently the ZK 
APIs are scattered across Bookie, Cookie and BookkeeperAdmin, and I feel it will 
later be helpful to focus on common places when doing the ZK ACLs.

Actually, my intention with this BOOKKEEPER-390 JIRA is to provide ACL access to 
the metadata information which bk-client & bk-server are keeping in ZooKeeper.

Earlier I had raised BOOKKEEPER-391 to implement bkclient-bkserver 
authentication. I think we can generalize the BOOKKEEPER-391 JIRA; presently I 
have described it as Kerberos-based authentication. The 'CnxnAuthProviders' 
interface is fine and IMO we can use an approach similar to the one you had in 
https://github.com/ivankelly/bookkeeper/tree/BookKeeperAuth.
[~ikelly] are you working on this checking now?

> Provide support for ZooKeeper authentication
> --------------------------------------------
>
>                 Key: BOOKKEEPER-390
>                 URL: https://issues.apache.org/jira/browse/BOOKKEEPER-390
>             Project: Bookkeeper
>          Issue Type: New Feature
>          Components: bookkeeper-client, bookkeeper-server
>    Affects Versions: 4.0.0
>            Reporter: Rakesh R
>            Assignee: Rakesh R
>             Fix For: 4.3.0
>
>         Attachments: BOOKKEEPER-390-Acl-draftversion.patch, 
> BOOKKEEPER-390-Authentication-interfaces-draftversion.patch
>
>
> This JIRA adds support for protecting the state of Bookkeeper znodes on a 
> multi-tenant ZooKeeper cluster.
> Use case: a user tries to run a ZK cluster in multi-tenant mode, where 
> more than one client service would like to share a single ZK service instance 
> (cluster). In this case the client services typically want to protect their 
> data (ZK znodes) from access by other services (tenants) on the cluster. Say 
> you are running BK, HBase or ZKFC instances, etc... having 
> authentication/authorization on the znodes is important for both security and 
> helping to ensure that services don't interact negatively (touch each other's 
> data).
> Presently Bookkeeper does not have support for authentication or 
> authorization while accessing ZK. This should be added to the BK 
> clients/server that are accessing the ZK cluster. In general it means calling 
> addAuthInfo once after a session is established.

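The pattern the issue description refers to (authenticate once per session with addAuthInfo, then create znodes with a creator-only ACL), shown as an added example against the plain ZooKeeper Java client; it is not taken from the patches attached to this issue. The ensemble address `localhost:2181`, the two digest credentials and the znode path `/bk-acl-demo` are assumptions made up for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.util.concurrent.CountDownLatch;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.Watcher.Event.KeeperState;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.Stat;

public class TenantAclDemo {
    // Open a session, wait until it is connected, then attach credentials.
    static ZooKeeper connect(String hosts, String digestCreds) throws Exception {
        CountDownLatch connected = new CountDownLatch(1);
        ZooKeeper zk = new ZooKeeper(hosts, 10000, event -> {
            if (event.getState() == KeeperState.SyncConnected) {
                connected.countDown();
            }
        });
        connected.await();
        // Called once per session, right after it is established.
        zk.addAuthInfo("digest", digestCreds.getBytes(StandardCharsets.UTF_8));
        return zk;
    }

    public static void main(String[] args) throws Exception {
        String hosts = "localhost:2181";                         // assumed test ensemble
        ZooKeeper bk = connect(hosts, "bookkeeper:bk-secret");   // constructed credentials
        ZooKeeper other = connect(hosts, "hbase:hbase-secret");  // a second tenant
        String path = "/bk-acl-demo";                            // hypothetical znode

        // CREATOR_ALL_ACL grants all permissions only to the identity
        // that was authenticated on the creating session.
        bk.create(path, "ledger-meta".getBytes(StandardCharsets.UTF_8),
                  ZooDefs.Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT);
        System.out.println("ACL: " + bk.getACL(path, new Stat()));
        try {
            other.getData(path, false, null);
            System.out.println("UNEXPECTED: other tenant read the znode");
        } catch (KeeperException.NoAuthException e) {
            // The other tenant is authenticated, but not as the creator.
            System.out.println("other tenant denied: " + e.code());
        }
        bk.delete(path, -1);
        bk.close();
        other.close();
    }
}
```

The digest scheme sends the `user:password` string to the server in clear text, so on a shared cluster it should be paired with transport protection or replaced by SASL/Kerberos authentication.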