[
https://issues.apache.org/jira/browse/ZOOKEEPER-2793?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Enrico Olivelli updated ZOOKEEPER-2793:
---------------------------------------
Fix Version/s: 3.5.7
> [QP MutualAuth]: Implement a mechanism to build "authzHosts" for dynamic
> reconfig servers
> -----------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-2793
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2793
> Project: ZooKeeper
> Issue Type: Sub-task
> Components: quorum, security
> Reporter: Rakesh R
> Assignee: Rakesh R
> Priority: Major
> Fix For: 3.6.0, 3.5.6, 3.5.7
>
>
> {{QuorumServer}} will do the authorization checks against configured
> authorized hosts. During LE, QuorumLearner will send an authentication packet
> to QuorumServer. Now, QuorumServer will check that the connecting
> QuorumLearner’s hostname exists in the authorized hosts. If not exists then
> connecting peer is not authorized to join this ensemble and the request will
> be rejected immediately.
> In {{branch-3.4}} building {{authzHosts}} list is pretty straight forward,
> can use the ensemble server details in zoo.cfg file. But with dynamic
> reconfig, it has to consider the dynamic add/remove/update servers and need
> to discuss the ways to handle dynamic cases.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
