[jira] [Commented] (ZOOKEEPER-1045) Quorum Peer mutual authentication

Sat, 12 Dec 2015 01:58:23 -0800 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15054187#comment-15054187
 ] 

Rakesh R commented on ZOOKEEPER-1045:
-------------------------------------

I'm attaching patch to supports QuorumPeer authentication using the 
SASL(Kerberos/Digest) mechanism. This patch is based on branch-3.4. Also, 
please refer PR: https://github.com/apache/zookeeper/pull/49. Any questions and 
comments are very welcome.

Following are the changes:
# Please refer 
{{src/java/main/org/apache/zookeeper/server/quorum/auth/README.md}} to see the 
configurations.
# Introduced {{QuorumConnectionThread}}, through which the connection will be 
established between the quorum peers asynchronously. This will not block other 
connection requests.
# Added {{org.apache.zookeeper.util.SecurityUtils}} to reduce the code 
duplication
# Added {{org.apache.zookeeper.server.quorum.QuorumAuthPacket}}, jute buffer 
for messaging.
# Refer QuorumAuthClient and QuorumAuthServer for the major auth logic.
# Included tests to verify Digest mechanism
# Included tests to verify the Kerberos. I've used {{MiniKdc}} way of testing 
from the {{HDFS}} and taken few test classes from that project. This code base 
is quite big and added few test jar dependencies {{apache.directory.server}}

Thanks a lot [~iv...@yahoo-inc.com], [~hongchaod], [~fpj], [~phunt], [~rgs] for 
the offline discussions and advice.

Pending Work:
# Need to support upgrade execution path. I'll update the proposal to support 
this soon.


> Quorum Peer mutual authentication
> ---------------------------------
>
>                 Key: ZOOKEEPER-1045
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Eugene Koontz
>            Assignee: Rakesh R
>         Attachments: ZOOKEEPER-1045-00.patch
>
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers. 
> This bug, on the other hand, is for authentication among quorum peers. 
> Hopefully much of the work done on SASL integration with Zookeeper for 
> ZOOKEEPER-938 can be used as a foundation for this enhancement.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to