Thank you Patrick for replying.
Certainly everything that is working today should/will work out of the box with
pluggable way.Will update a document with test and backward compatibility goals.
I do actually have a patch and UnitTests, though I tested Kerberos with real
KDC, but all the Unit tests related to SASL were passing OK.
Thanks,Yuliya
From: Patrick Hunt <[email protected]>
To: DevZooKeeper <[email protected]>; yuliya Feldman
<[email protected]>
Sent: Tuesday, April 7, 2015 4:58 PM
Subject: Re: Pluggable SASL Authentication in Zookeeper
Sounds like a reasonable goal. I don't see anything about testing, not
breaking backward compatibility, etc... - I would think that we should
ensure that kerberos continues to work. When the original sasl work was
done the minikdc didn't exist, now that it does I think we should pull that
in as part of the validation (ensure things don't break).
Patrick
On Tue, Apr 7, 2015 at 3:15 PM, yuliya Feldman <[email protected]>
wrote:
> Hello here,
> I was wondering is whether Zookeeper community would benefit from
> Pluggable SASL Authentication.
> Today SASLAuthenticationProvider is used for all SASL based
> authentications which creates some "if/else" statements in
> ZookeeperSaslClient and ZookeeperSaslServer code even with just Kerberos
> and Digest.We want to use yet another different SASL based authentication
> and adding one more "if/else" with some code specific just to that new way
> does not make much sense.Proposal is to allow to plug custom SASL
> Authentication mechanism(s).I have submitted JIRA: [ZOOKEEPER-2159]
> Pluggable SASL Authentication - ASF JIRAwith the proposal, so I would
> appreciate feedback from the community.Thanks,Yuliya
>
>
