[ https://issues.apache.org/jira/browse/BOOKKEEPER-391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15978985#comment-15978985 ]
ASF GitHub Bot commented on BOOKKEEPER-391: ------------------------------------------- Github user revans2 commented on the issue: https://github.com/apache/bookkeeper/pull/110 @eolivelli Validation of the client side principal in ZK is done through ACLs. The simplest thing to do in our case is to have a white list of clients (possibly with regular expressions). If you want to do it as a separate JIRA you can, but without it your would need a separate KDC for the cluster to restrict who is and isn't allowed to access the bookie. > Support Kerberos authentication of bookkeeper > --------------------------------------------- > > Key: BOOKKEEPER-391 > URL: https://issues.apache.org/jira/browse/BOOKKEEPER-391 > Project: Bookkeeper > Issue Type: New Feature > Components: bookkeeper-client, bookkeeper-server > Reporter: Rakesh R > Assignee: Enrico Olivelli > Fix For: 4.5.0 > > > This JIRA to discuss authentication mechanism of bookie clients and server. > Assume ZK provides fully secured communication channel using Kerberos based > authentication and authorization model. We could also manage and renew users > authenticated to BK via Kerberos. There is currently no configuration or > hooks for the Bookie process to obtain Kerberos credentials. > Today an unauthenticated bookie client can easily establish connection with > the bookkeeper server. -- This message was sent by Atlassian JIRA (v6.3.15#6346)