[
https://issues.apache.org/jira/browse/SOLR-13673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jörn Franke updated SOLR-13673:
-------------------------------
Description:
ZooKeeper supports X509 authentication and ACLs towards Zookeeper servers. It
seems that when enabling SSL support in ZooKeeper 3.5.5 and ACLs only X509 ACLs
are allowed and others (e.g. Kerberos Authentication and Kerberos ACLs with SSL
communication enabled) are not possible (see also:
https://issues.apache.org/jira/browse/ZOOKEEPER-3482).
Furthermore, in highly automised cloud environments and enteprise environments,
X509 authentication and ACLs could be an attractive alternative compared to
Kerberos.
Solr should thus support a X509ZkAclProivder for X509 Zookeeper Authentication
and ACLs.
See also:
* Zookeeper X509 authentication provider:
[https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide#ZooKeeperSSLUserGuide-X509AuthenticationProvider]
* ZooKeeper Admin Guide:
[https://zookeeper.apache.org/doc/r3.5.5/zookeeperAdmin.html#sc_authOptions]
was:
ZooKeeper supports X509 authentication and ACLs towards Zookeeper servers. It
seems that when enabling SSL support in ZooKeeper 3.5.5 and ACLs only X509 ACLs
are allowed and others (e.g. Kerberos Authentication and ACLs with SSL enabled)
are not possible (see also:
https://issues.apache.org/jira/browse/ZOOKEEPER-3482).
Furthermore, in highly automised cloud environments and enteprise environments,
X509 authentication and ACLs could be an attractive alternative compared to
Kerberos.
Solr should thus support a X509ZkAclProivder for X509 Zookeeper Authentication
and ACLs.
See also:
* Zookeeper X509 authentication provider:
[https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide#ZooKeeperSSLUserGuide-X509AuthenticationProvider]
* ZooKeeper Admin Guide:
[https://zookeeper.apache.org/doc/r3.5.5/zookeeperAdmin.html#sc_authOptions]
> Provide X509ZkAclProvider for X509 Zookeeper Authentication and ACLs
> --------------------------------------------------------------------
>
> Key: SOLR-13673
> URL: https://issues.apache.org/jira/browse/SOLR-13673
> Project: Solr
> Issue Type: Wish
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrCloud
> Affects Versions: master (9.0), 8.2
> Reporter: Jörn Franke
> Priority: Major
>
> ZooKeeper supports X509 authentication and ACLs towards Zookeeper servers. It
> seems that when enabling SSL support in ZooKeeper 3.5.5 and ACLs only X509
> ACLs are allowed and others (e.g. Kerberos Authentication and Kerberos ACLs
> with SSL communication enabled) are not possible (see also:
> https://issues.apache.org/jira/browse/ZOOKEEPER-3482).
> Furthermore, in highly automised cloud environments and enteprise
> environments, X509 authentication and ACLs could be an attractive alternative
> compared to Kerberos.
> Solr should thus support a X509ZkAclProivder for X509 Zookeeper
> Authentication and ACLs.
>
> See also:
> * Zookeeper X509 authentication provider:
> [https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide#ZooKeeperSSLUserGuide-X509AuthenticationProvider]
> * ZooKeeper Admin Guide:
> [https://zookeeper.apache.org/doc/r3.5.5/zookeeperAdmin.html#sc_authOptions]
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
