[
https://issues.apache.org/jira/browse/BOOKKEEPER-391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15659408#comment-15659408
]
Rakesh R commented on BOOKKEEPER-391:
-------------------------------------
bq. During the meeting we talked about this issue
I hope the discussion went well. Wish you all the best for your dev efforts.
bq. Can you explain more deeply the purpose of having a special entry for the
Auditor ?
AutoRecovery is meant for replication purpose and iirc, this is designed as an
admin operated service. BK supports to start AutoRecovery service in either
embedded mode or start
[AutoRecovery|https://github.com/apache/bookkeeper/blob/master/bookkeeper-server/bin/bookkeeper#L207]
as a separate process. Since this is designed as an admin operated service,
I'd prefer to provide a provision to configure his own credentials rather than
using a normal bookkeeper client's credentials. If admin wants to use same
bookkeeper client's credentials to AutoRecovery then he could take a call and
configure the same in {{BookieAuditor}} principal entries section. Does this
makes sense to you?
> Support Kerberos authentication of bookkeeper
> ---------------------------------------------
>
> Key: BOOKKEEPER-391
> URL: https://issues.apache.org/jira/browse/BOOKKEEPER-391
> Project: Bookkeeper
> Issue Type: New Feature
> Components: bookkeeper-client, bookkeeper-server
> Reporter: Rakesh R
> Assignee: Enrico Olivelli
>
> This JIRA to discuss authentication mechanism of bookie clients and server.
> Assume ZK provides fully secured communication channel using Kerberos based
> authentication and authorization model. We could also manage and renew users
> authenticated to BK via Kerberos. There is currently no configuration or
> hooks for the Bookie process to obtain Kerberos credentials.
> Today an unauthenticated bookie client can easily establish connection with
> the bookkeeper server.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)