[
https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15733923#comment-15733923
]
Michael Han commented on ZOOKEEPER-1045:
----------------------------------------
Sounds good. This captures the follow-up work to forward-port 1045 to
master / 3.5.x. Just to add one additional note: we talked previously about
one issue, that Kerberos treats frequent login attempts as replay attacks, so
we'd need some code to deal with this. What Chris commented earlier:
bq. Hadoop's RPC framework handles this case with a brief backoff and retry to
work around the case of getting flagged as a replay attack.
This would be needed on both 3.4.x and 3.5, I think.
> Support Quorum Peer mutual authentication via SASL
> --------------------------------------------------
>
> Key: ZOOKEEPER-1045
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
> Project: ZooKeeper
> Issue Type: New Feature
> Components: quorum, security
> Reporter: Eugene Koontz
> Assignee: Rakesh R
> Priority: Critical
> Fix For: 3.4.10
>
> Attachments: 0001-ZOOKEEPER-1045-br-3-4.patch,
> 1045_failing_phunt.tar.gz, HOST_RESOLVER-ZK-1045.patch, QuorumPeer Mutual
> Authentication Via Sasl Feature Doc - 2016-Nov-10.pdf, QuorumPeer Mutual
> Authentication Via Sasl Feature Doc - 2016-Nov-25.pdf, QuorumPeer Mutual
> Authentication Via Sasl Feature Doc - 2016-Nov-29.pdf, QuorumPeer Mutual
> Authentication Via Sasl Feature Doc - 2016-Nov-30.pdf, QuorumPeer Mutual
> Authentication Via Sasl Feature Doc - 2016-Sep-25.pdf,
> TEST-org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.txt,
> ZK-1045-test-case-failure-logs.zip, ZOOKEEPER-1045 Test Plan.pdf,
> ZOOKEEPER-1045-00.patch, ZOOKEEPER-1045-Rolling Upgrade Design Proposal.pdf,
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch,
> ZOOKEEPER-1045TestValidationDesign.pdf,
> org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.testRollingUpgrade.log
>
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers.
> This bug, on the other hand, is for authentication among quorum peers.
> Hopefully much of the work done on SASL integration with Zookeeper for
> ZOOKEEPER-938 can be used as a foundation for this enhancement.
> Review board: https://reviews.apache.org/r/47354/
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
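
Added example (not code from ZooKeeper, Hadoop, or the attached patches): a minimal sketch of the "brief backoff and retry" workaround mentioned in the comment above, for logins rejected as Kerberos replays. The LoginAction interface, the retry limits, and the simulated failure are assumptions made for illustration; in a real peer the action would wrap LoginContext.login().

```java
import java.util.concurrent.ThreadLocalRandom;
import javax.security.auth.login.LoginException;

/** Added example: retry a Kerberos/SASL login with a brief randomized backoff. */
public class ReplaySafeLogin {
    /** Hypothetical hook; a real peer would wrap LoginContext.login() here. */
    interface LoginAction { void login() throws LoginException; }

    static final int MAX_ATTEMPTS = 5;        // assumption, not a ZooKeeper setting
    static final long MAX_BACKOFF_MS = 1000;  // assumption, not a ZooKeeper setting

    /** Returns the number of attempts used; rethrows the last failure if all fail. */
    static int loginWithBackoff(LoginAction action)
            throws LoginException, InterruptedException {
        LoginException last = null;
        for (int attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
            try {
                action.login();
                return attempt;
            } catch (LoginException e) {
                last = e;
                if (attempt == MAX_ATTEMPTS) break;
                // Random delay so peers that restart together do not retry in
                // lockstep and trip the replay check again.
                long sleepMs = ThreadLocalRandom.current().nextLong(1, MAX_BACKOFF_MS + 1);
                System.err.printf("login attempt %d failed (%s); retrying in %d ms%n",
                        attempt, e.getMessage(), sleepMs);
                Thread.sleep(sleepMs);
            }
        }
        throw last; // every attempt failed: surface the last error to the caller
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a KDC that rejects the first two attempts.
        int[] calls = {0};
        LoginAction flaky = () -> {
            if (++calls[0] <= 2) throw new LoginException("Request is a replay (34)");
        };
        System.out.println("logged in after " + loginWithBackoff(flaky) + " attempt(s)");
    }
}
```

Bounding the attempts keeps a genuinely misconfigured peer (wrong keytab or principal) from retrying forever; that failure should be logged and surfaced rather than masked by the retry loop.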