Botond Hejj created ZOOKEEPER-2462:
--------------------------------------

             Summary: force authentication/authorization
                 Key: ZOOKEEPER-2462
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2462
             Project: ZooKeeper
          Issue Type: New Feature
          Components: server
            Reporter: Botond Hejj
            Priority: Minor


This change introduces two new config options to force authorization and 
authentication:

1. disableWorldACL
The purpose of this option is to disable the built-in mechanism which authorizes 
everyone.
If it is turned on then the world/anyone usage is ignored. ZooKeeper will not 
check operations based on world/anyone.
This option is useful to force some kind of authorization mechanism. This 
restriction is useful in a strictly audited environment.

2. forceAuthentication
If this option is turned on then ZooKeeper won't authorize any operation if the 
user has not authenticated either with SASL or with addAuth.
There is a way to enforce SASL authentication but currently there is no way to 
enforce authentication using the plugin mechanism. Enforcing authentication for 
that is more tricky since authentication can come any time later. This option 
doesn't drop the connection if there was no authentication. It is only throwing 
NoAuth for any operation until the Auth packet arrives.





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
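
The decision logic the two options describe, as an added example (Java 16+) that is not code from the patch or from ZooKeeper. The names ForcedAuthModel, Config and check are hypothetical, the ACL and digest values are constructed, ACL matching is simplified to exact scheme/id equality, and the identity list is assumed to hold only identities from SASL or addAuth.

```java
import java.util.List;

public class ForcedAuthModel {
    static final int READ = 1, WRITE = 2; // ZooKeeper permission bits

    record Id(String scheme, String id) {}
    record Acl(int perms, Id id) {}
    // Hypothetical holder for the two options proposed in the issue.
    record Config(boolean disableWorldACL, boolean forceAuthentication) {}

    // sessionIds: identities added by SASL or addAuth (assumption: the
    // connection's automatic "ip" identity is not counted here).
    static String check(Config cfg, List<Acl> acl, int perm, List<Id> sessionIds) {
        // forceAuthentication: refuse every operation until an identity
        // exists; the connection itself is not dropped.
        if (cfg.forceAuthentication() && sessionIds.isEmpty()) return "NoAuth";
        for (Acl a : acl) {
            if ((a.perms() & perm) == 0) continue;
            boolean world = a.id().equals(new Id("world", "anyone"));
            if (world && cfg.disableWorldACL()) continue; // entry is ignored
            // Simplification: exact match instead of provider-specific matching.
            if (world || sessionIds.contains(a.id())) return "OK";
        }
        return "NoAuth";
    }

    public static void main(String[] args) {
        // Constructed ACL: world:anyone may read, one digest identity may read/write.
        Id alice = new Id("digest", "alice:PLACEHOLDER_HASH");
        Id bob = new Id("digest", "bob:PLACEHOLDER_HASH");
        List<Acl> acl = List.of(new Acl(READ, new Id("world", "anyone")),
                                new Acl(READ | WRITE, alice));
        List<Id> anon = List.of();

        Config defaults = new Config(false, false);
        Config noWorld = new Config(true, false);
        Config forced = new Config(false, true);
        Config both = new Config(true, true);

        System.out.println("defaults, anonymous read: " + check(defaults, acl, READ, anon));
        System.out.println("disableWorldACL, anonymous read: " + check(noWorld, acl, READ, anon));
        System.out.println("disableWorldACL, alice write: " + check(noWorld, acl, WRITE, List.of(alice)));
        System.out.println("forceAuthentication, anonymous read: " + check(forced, acl, READ, anon));
        System.out.println("forceAuthentication, bob read: " + check(forced, acl, READ, List.of(bob)));
        System.out.println("both options, bob read: " + check(both, acl, READ, List.of(bob)));
    }
}
```

In this model, forceAuthentication alone still lets any authenticated identity use a world/anyone entry; access is tied to a named identity only when disableWorldACL is set as well.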
