[jira] [Commented] (ZOOKEEPER-1045) Support Quorum Peer mutual authentication via SASL

Mon, 12 Sep 2016 18:51:36 -0700 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15485949#comment-15485949
 ] 

Alexander Shraer commented on ZOOKEEPER-1045:
---------------------------------------------

You probably need a config file at least for initialization. Then, if you're 
able to load the database before leader election you may not need the config 
file anymore.
I don't remember how that works.

Its possible to reuse existing reconfig commands. But it may be better to add 
new flags for authentication rather than tie it with membership changes.
For example when you remove a server you don't necessarily want to remove its 
auth info because that would imply different semantics than what removal
means now. Currently removal doesn't shut it down and clients can gracefully 
migrate if they want to, we could also add it back in a different role (there 
one
scenario where this two step process is necessary to change roles).

But yeah, one can add more options to reconfig besides -add and -remove to 
handle authentication info, the question is whether this would save anything - 
I'm
heavily reusing the set and get APIs anyhow.


> Support Quorum Peer mutual authentication via SASL
> --------------------------------------------------
>
>                 Key: ZOOKEEPER-1045
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Eugene Koontz
>            Assignee: Rakesh R
>            Priority: Critical
>             Fix For: 3.4.10, 3.5.3
>
>         Attachments: 0001-ZOOKEEPER-1045-br-3-4.patch, 
> 1045_failing_phunt.tar.gz, HOST_RESOLVER-ZK-1045.patch, 
> TEST-org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.txt, 
> ZK-1045-test-case-failure-logs.zip, ZOOKEEPER-1045-00.patch, 
> ZOOKEEPER-1045-Rolling Upgrade Design Proposal.pdf, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045TestValidationDesign.pdf
>
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers. 
> This bug, on the other hand, is for authentication among quorum peers. 
> Hopefully much of the work done on SASL integration with Zookeeper for 
> ZOOKEEPER-938 can be used as a foundation for this enhancement.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to