[jira] [Commented] (ZOOKEEPER-1045) Support Quorum Peer mutual authentication via SASL

Wed, 29 Jun 2016 22:57:08 -0700 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15356576#comment-15356576
 ] 

Patrick Hunt commented on ZOOKEEPER-1045:
-----------------------------------------

No, not that it's insufficient, but I was wondering what else was going on in 
order for a simple string comparison to be used.

For example. String comparison might be fine in that situation - iiuc they are 
comparing ids. If we were to use user/host@realm  principals that would be a 
problem. user@realm should work ok. However if the credentials provided to each 
of the servers is the same (user@realm) that would be a bit less secure than 
providing each of the servers individual credentials with user/host@realm 
principals. In the former case (user/host@realm) we couldn't do a simple string 
comparison without some prior code handling that complexity. Perhaps what hbase 
is doing is using user@realm, I'm not sure, I'll try to find out (lmk if you 
come across it).

> Support Quorum Peer mutual authentication via SASL
> --------------------------------------------------
>
>                 Key: ZOOKEEPER-1045
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Eugene Koontz
>            Assignee: Rakesh R
>            Priority: Critical
>             Fix For: 3.4.9, 3.5.3
>
>         Attachments: 0001-ZOOKEEPER-1045-br-3-4.patch, 
> 1045_failing_phunt.tar.gz, ZK-1045-test-case-failure-logs.zip, 
> ZOOKEEPER-1045-00.patch, ZOOKEEPER-1045-Rolling Upgrade Design Proposal.pdf, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch
>
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers. 
> This bug, on the other hand, is for authentication among quorum peers. 
> Hopefully much of the work done on SASL integration with Zookeeper for 
> ZOOKEEPER-938 can be used as a foundation for this enhancement.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to