[jira] [Updated] (ZOOKEEPER-3558) Support authentication enforcement
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mate Szalay-Beko updated ZOOKEEPER-3558:
    Fix Version/s: (was: 3.5.10)

> Support authentication enforcement
> ----------------------------------
>
> Key: ZOOKEEPER-3558
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3558
> Project: ZooKeeper
> Issue Type: New Feature
> Reporter: Mohammad Arshad
> Assignee: Mohammad Arshad
> Priority: Major
> Attachments: ZOOKEEPER-3558-01.patch
>
>
> Provide authentication enforcement in ZooKeeper that is backward compatible
> and can work for any authentication scheme, can work even with custom
> authentication schemes.
> *Problems:*
> 1. Currently server is starting with default authentication
> providers (DigestAuthenticationProvider, IPAuthenticationProvider). These
> default authentication providers are not really secure.
> 2. ZooKeeper server is not checking whether authentication is done or not
> before performing any user operation.
> *Solutions:*
> 1. We should not start any authentication provider by default. But this would
> be backward incompatible change. So we can provide configuration whether to
> start default authentication providers or not.
> By default we can start these authentication providers.
> 2. Before any user operation server should check whether authentication
> happened or not. At least client must be authenticated with one
> authentication scheme.

--
This message was sent by Atlassian Jira (v8.20.7#820007)

[jira] [Updated] (ZOOKEEPER-3558) Support authentication enforcement
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mohammad Arshad updated ZOOKEEPER-3558:
---------------------------------------
    Attachment: ZOOKEEPER-3558-01.patch

> Support authentication enforcement
> ----------------------------------
>
> Key: ZOOKEEPER-3558
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3558
> Project: ZooKeeper
> Issue Type: New Feature
> Reporter: Mohammad Arshad
> Assignee: Mohammad Arshad
> Priority: Major
> Fix For: 3.5.7
>
> Attachments: ZOOKEEPER-3558-01.patch
>
>
> Provide authentication enforcement in ZooKeeper that is backward compatible
> and can work for any authentication scheme, can work even with custom
> authentication schemes.
> *Problems:*
> 1. Currently server is starting with default authentication
> providers (DigestAuthenticationProvider, IPAuthenticationProvider). These
> default authentication providers are not really secure.
> 2. ZooKeeper server is not checking whether authentication is done or not
> before performing any user operation.
> *Solutions:*
> 1. We should not start any authentication provider by default. But this would
> be backward incompatible change. So we can provide configuration whether to
> start default authentication providers or not.
> By default we can start these authentication providers.
> 2. Before any user operation server should check whether authentication
> happened or not. At least client must be authenticated with one
> authentication scheme.

--
This message was sent by Atlassian Jira (v8.3.4#803005)