[
https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15373532#comment-15373532
]
Rakesh R commented on ZOOKEEPER-1045:
-------------------------------------
Attached new patch with the following changes:
# Fixed [~hanm]'s review comments given in the review ticket. Also, fixed one
review comment given in this jira to modify {{ReadMe.md}} content.
# Since the current patch supports only a single (shared) Kerberos
principal, I've provided a simple string comparison for authorization. Presently
{{quorum.auth.kerberos.servicePrincipal}} holds the shared principal value. One
idea to support each of the servers' individual credentials is by extending the
configuration with the respective {{myid}} value as shown below. IMHO, we could
push the basic patch first and discuss the individual credentials logic and their
authorization part separately, as the current patch is getting bigger and
bigger. [~phunt], what's your opinion?
{code}
quorum.auth.kerberos.servicePrincipal.1 = "QuorumServer1"
quorum.auth.kerberos.servicePrincipal.2 = "QuorumServer2"
quorum.auth.kerberos.servicePrincipal.3 = "QuorumServer3"
{code}
# Exposed the {{fleTimeTaken}} value via a JMX bean attribute, which can be used to
see the total time taken for LE.
# Added a few more unit test cases to cover the newly introduced {{ConfigException}}
cases.
> Support Quorum Peer mutual authentication via SASL
> --------------------------------------------------
>
> Key: ZOOKEEPER-1045
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
> Project: ZooKeeper
> Issue Type: New Feature
> Components: server
> Reporter: Eugene Koontz
> Assignee: Rakesh R
> Priority: Critical
> Fix For: 3.4.9, 3.5.3
>
> Attachments: 0001-ZOOKEEPER-1045-br-3-4.patch,
> 1045_failing_phunt.tar.gz, ZK-1045-test-case-failure-logs.zip,
> ZOOKEEPER-1045-00.patch, ZOOKEEPER-1045-Rolling Upgrade Design Proposal.pdf,
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
> ZOOKEEPER-1045TestValidationDesign.pdf
>
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers.
> This bug, on the other hand, is for authentication among quorum peers.
> Hopefully much of the work done on SASL integration with Zookeeper for
> ZOOKEEPER-938 can be used as a foundation for this enhancement.
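An added sketch, not part of the patch or of ZooKeeper's code, of the authorization check discussed in the comment above: the shared-principal string comparison and the proposed per-{{myid}} lookup. The class and method names and the deny rule for unlisted ids are assumptions; {{authenticated}} stands for the principal name established by the SASL exchange.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

/** Hypothetical sketch, not ZooKeeper code. */
public class QuorumPrincipalAuthorizer {
    // Key from the comment above; the ".<myid>" suffix is the proposed extension.
    static final String KEY = "quorum.auth.kerberos.servicePrincipal";

    private final String shared;                          // null when only per-server keys exist
    private final Map<Long, String> perServer = new HashMap<>();

    QuorumPrincipalAuthorizer(Properties cfg) {
        shared = cfg.getProperty(KEY);
        for (String name : cfg.stringPropertyNames()) {
            if (name.startsWith(KEY + ".")) {
                // A non-numeric suffix throws NumberFormatException: reject the config.
                long myid = Long.parseLong(name.substring(KEY.length() + 1));
                perServer.put(myid, cfg.getProperty(name));
            }
        }
        if (shared == null && perServer.isEmpty()) {
            throw new IllegalArgumentException("no quorum principal configured");
        }
    }

    /** authenticated: principal established by the SASL exchange, not a value the peer merely claims. */
    boolean isAuthorized(long claimedMyid, String authenticated) {
        if (authenticated == null) return false;
        if (perServer.isEmpty()) return shared.equals(authenticated);  // shared-principal mode
        String expected = perServer.get(claimedMyid);
        return expected != null && expected.equals(authenticated);     // unlisted myid: deny
    }

    public static void main(String[] args) {
        Properties cfg = new Properties();                 // values from the proposal in the comment
        cfg.setProperty(KEY + ".1", "QuorumServer1");
        cfg.setProperty(KEY + ".2", "QuorumServer2");
        cfg.setProperty(KEY + ".3", "QuorumServer3");
        QuorumPrincipalAuthorizer authz = new QuorumPrincipalAuthorizer(cfg);
        System.out.println("myid 1 as QuorumServer1: " + authz.isAuthorized(1, "QuorumServer1"));
        System.out.println("myid 1 as QuorumServer2: " + authz.isAuthorized(1, "QuorumServer2"));
        System.out.println("myid 9 as QuorumServer1: " + authz.isAuthorized(9, "QuorumServer1"));
    }
}
```

With per-server entries, a peer holding server 2's credentials is refused when it presents itself as server 1, a case the shared-principal comparison cannot distinguish.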