[
https://issues.apache.org/jira/browse/ZOOKEEPER-2462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15646005#comment-15646005
]
Michael Han commented on ZOOKEEPER-2462:
----------------------------------------
I think this and ZOOKEEPER-1634 is trying to solve same problem.
> force authentication/authorization
> ----------------------------------
>
> Key: ZOOKEEPER-2462
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2462
> Project: ZooKeeper
> Issue Type: New Feature
> Components: server
> Reporter: Botond Hejj
> Priority: Minor
> Attachments: ZOOKEEPER-2462.patch, ZOOKEEPER-2462.patch
>
>
> This change introduces two new config options to force authorization and
> authentication:
> 1. disableWorldACL
> The purpose of this option is disable the builtin mechanism which authorizes
> everyone.
> If it is turned on than the world/anyone usage is ignored. ZooKeeper will not
> check operations based on world/anyone.
> This option is useful to force some kind of authorization mechanism. This
> restriction is useful in a strictly audited environment.
> 2. forceAuthentication
> If this option is turned on than ZooKeeper won't authorize any operation if
> the user has not authenticated either with SASL or with addAuth.
> There is way to enforce SASL authentication but currently there is no way to
> enforce authentication using the plugin mechanism. Enforcing authentication
> for that is more tricky since authentication can come any time later. This
> option doesn't drop the connection if there was no authentication. It is only
> throwing NoAuth for any operation until the Auth packet arrives.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
