[ https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15484959#comment-15484959 ]

Michael Han commented on ZOOKEEPER-1045:
----------------------------------------

Thanks [~shralex] and [~rakeshr] for the design proposal!

bq. update the on-disk auth file.
I am wondering why we need an on-disk auth file in addition to the znode 
that stores the list of auth info for servers added through reconfig. My 
understanding is that we need to solve the problem of persisting such 
information such that every server in the ensemble can query it. If so, can we 
just rely solely on a new dedicated znode (similar to /zookeeper/config for 
reconfig)?

bq. it needs to be added using dynamic auth list command
I am assuming here it refers to new commands and APIs to be added for 3.5 that 
are specifically for users to add auth info. I am wondering why we don't update 
existing reconfig commands / APIs such that the first thing they will do is to 
add such auth info. Reusing existing reconfig APIs / commands to serialize auth 
info sounds easier to implement.


> Support Quorum Peer mutual authentication via SASL
> --------------------------------------------------
>
>                 Key: ZOOKEEPER-1045
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Eugene Koontz
>            Assignee: Rakesh R
>            Priority: Critical
>             Fix For: 3.4.10, 3.5.3
>
>         Attachments: 0001-ZOOKEEPER-1045-br-3-4.patch, 
> 1045_failing_phunt.tar.gz, HOST_RESOLVER-ZK-1045.patch, 
> TEST-org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.txt, 
> ZK-1045-test-case-failure-logs.zip, ZOOKEEPER-1045-00.patch, 
> ZOOKEEPER-1045-Rolling Upgrade Design Proposal.pdf, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045TestValidationDesign.pdf
>
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers. 
> This bug, on the other hand, is for authentication among quorum peers. 
> Hopefully much of the work done on SASL integration with Zookeeper for 
> ZOOKEEPER-938 can be used as a foundation for this enhancement.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
