Hi Flavio, It appears that the current code doesn't give us any way to control the QOP, so it must be always using the default QOP of "auth" (authentication only). This is because the calls to Sasl#createSaslClient and Sasl#createSaslServer pass a hard-coded null for the properties map.
https://github.com/apache/zookeeper/blob/trunk/src/java/main/org/apache/zoo keeper/client/ZooKeeperSaslClient.java#L240 https://github.com/apache/zookeeper/blob/trunk/src/java/main/org/apache/zoo keeper/client/ZooKeeperSaslClient.java#L288 https://github.com/apache/zookeeper/blob/trunk/src/java/main/org/apache/zoo keeper/server/ZooKeeperSaslServer.java#L118 https://github.com/apache/zookeeper/blob/trunk/src/java/main/org/apache/zoo keeper/server/ZooKeeperSaslServer.java#L144 If we want to support setting QOP to "auth-int" (authentication + integrity/man-in-the-middle tampering protection) or "auth-conf" (authentication + integrity + confidentiality/encryption), then I think we'll need to make code changes to read a new QOP configuration property, put it into a Map using Sasl#QOP as the key, and then pass it along to the Sasl#createSaslClient and Sasl#createSaslServer calls. Is this what you need? If so, then I'd be happy to write up the proposal in a new JIRA. I didn't find any existing open JIRAs that look relevant. --Chris Nauroth On 10/8/15, 2:06 PM, "Flavio Junqueira" <[email protected]> wrote: >Has anyone tried to use the QOP (Quality of Protection) property for SASL >when running ZooKeeper? > >-Flavio
