Jörn Franke created SOLR-13673:
----------------------------------
Summary: Provide X509ZkAclProvider for X509 Zookeeper
Authentication and ACLs
Key: SOLR-13673
URL: https://issues.apache.org/jira/browse/SOLR-13673
Project: Solr
Issue Type: Wish
Security Level: Public (Default Security Level. Issues are Public)
Components: SolrCloud
Affects Versions: 8.2, master (9.0)
Reporter: Jörn Franke
ZooKeeper supports X509 authentication and ACLs towards Zookeeper servers. It
seems that when enabling SSL support in ZooKeeper 3.5.5 and ACLs only X509 ACLs
are allowed and others (e.g. Kerberos Authentication and ACLs with SSL enabled)
are not possible (see also:
https://issues.apache.org/jira/browse/ZOOKEEPER-3482).
Furthermore, in highly automised cloud environments and enteprise environments,
X509 authentication and ACLs could be an attractive alternative compared to
Kerberos.
Solr should thus support a X509ZkAclProivder for X509 Zookeeper Authentication
and ACLs.
See also:
* Zookeeper X509 authentication provider:
[https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide#ZooKeeperSSLUserGuide-X509AuthenticationProvider]
* ZooKeeper Admin Guide:
[https://zookeeper.apache.org/doc/r3.5.5/zookeeperAdmin.html#sc_authOptions]
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
