[
https://issues.apache.org/jira/browse/ZOOKEEPER-2144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14364235#comment-14364235
]
Camille Fournier commented on ZOOKEEPER-2144:
---------------------------------------------
Can you explain the problem in a bit more detail? I think the question in my
mind is will there be a security risk by allowing updating of auth info in the
manner you suggest. What are your thoughts around that?
> Provide a way to update the auth info on a connection
> -----------------------------------------------------
>
> Key: ZOOKEEPER-2144
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2144
> Project: ZooKeeper
> Issue Type: Improvement
> Reporter: Karol Dudzinski
>
> The current auth info implementation makes it very difficult to work with
> expiring auth info. If a client fails over between servers, it resends its
> list of auth info in a FIFO order. Therefore, if any of the info has
> expired, it'll cause the session to be lost. There is currently no way to
> update or remove any existing info, only add. Any objections to adding an
> update or remove auth info method?
> An alternate solution would be for ClientCnxn.AuthData to implement an equals
> method that only checks the scheme field. As the AuthData is stored in a
> set, this would have the same effect as an update operation. However, I'm
> not sure if there is a use case for supplying multiple bits of AuthData for
> the same scheme?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
