eolivelli commented on issue #8670: URL: https://github.com/apache/pulsar/issues/8670#issuecomment-732155206
@yanshuchong if you use ZooKeeper 3.6.x servers you can simply require that every client is authenticated see: https://zookeeper.apache.org/doc/r3.6.0/zookeeperAdmin.html#sc_authOptions > zookeeper.sessionRequireClientSASLAuth : (Java system property only: zookeeper.sessionRequireClientSASLAuth) New in 3.6.0: When set to true, ZooKeeper server will only accept connections and requests from clients that have authenticated with server via SASL. Clients that are not configured with SASL authentication, or configured with SASL but failed authentication (i.e. with invalid credential) will not be able to establish a session with server. A typed error code (-124) will be delivered in such case, both Java and C client will close the session with server thereafter, without further attempts on retrying to reconnect. > > By default, this feature is disabled. Users who would like to opt-in can enable the feature by setting zookeeper.sessionRequireClientSASLAuth to true. > > This feature overrules the zookeeper.allowSaslFailedClients option, so even if server is configured to allow clients that fail SASL authentication to login, client will not be able to establish a session with server if this feature is enabled. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
