I have uploaded updated spec with additional sections regarding backward
compatibility and testing.
Regarding minikdc - this is hadoop subproject. I doubt you want zookeeper
depending on it. On theother hand I am pretty sure minikdc project does not
need to be part of hadoop project since it does not really depend (or does not
need to depend) on anything from hadoop.
Thanks,Yuliya
From: Patrick Hunt <[email protected]>
To: DevZooKeeper <[email protected]>; yuliya Feldman
<[email protected]>
Sent: Tuesday, April 7, 2015 5:16 PM
Subject: Re: Pluggable SASL Authentication in Zookeeper
That's good to hear (updates and testing with kerb). The minikdc will allow
us to validate as part of the unit tests, which will be a great addition
for folks trying to make changes and ensuring they don't break things. It's
always been a worry of mine with the current setup.
Patrick
On Tue, Apr 7, 2015 at 5:07 PM, yuliya Feldman <[email protected]>
wrote:
> Thank you Patrick for replying.
> Certainly everything that is working today should/will work out of the box
> with pluggable way.Will update a document with test and backward
> compatibility goals.
> I do actually have a patch and UnitTests, though I tested Kerberos with
> real KDC, but all the Unit tests related to SASL were passing OK.
> Thanks,Yuliya
>
> From: Patrick Hunt <[email protected]>
> To: DevZooKeeper <[email protected]>; yuliya Feldman <
> [email protected]>
> Sent: Tuesday, April 7, 2015 4:58 PM
> Subject: Re: Pluggable SASL Authentication in Zookeeper
>
> Sounds like a reasonable goal. I don't see anything about testing, not
> breaking backward compatibility, etc... - I would think that we should
> ensure that kerberos continues to work. When the original sasl work was
> done the minikdc didn't exist, now that it does I think we should pull that
> in as part of the validation (ensure things don't break).
>
> Patrick
>
>
>
> On Tue, Apr 7, 2015 at 3:15 PM, yuliya Feldman <[email protected]
> >
> wrote:
>
> > Hello here,
> > I was wondering is whether Zookeeper community would benefit from
> > Pluggable SASL Authentication.
> > Today SASLAuthenticationProvider is used for all SASL based
> > authentications which creates some "if/else" statements in
> > ZookeeperSaslClient and ZookeeperSaslServer code even with just Kerberos
> > and Digest.We want to use yet another different SASL based authentication
> > and adding one more "if/else" with some code specific just to that new
> way
> > does not make much sense.Proposal is to allow to plug custom SASL
> > Authentication mechanism(s).I have submitted JIRA: [ZOOKEEPER-2159]
> > Pluggable SASL Authentication - ASF JIRAwith the proposal, so I would
> > appreciate feedback from the community.Thanks,Yuliya
> >
> >
>
>
>
>
