Re: november 17 zk meetup (additional registration info required)

[Rajiv Chittajallu]

Will it be possible to share the presentations?

On Wednesday, November 16, 2016, 12:04:45 PM PST, Benjamin Reed 
 wrote:that is the plan. we will put a bluejeans link on the 
event page.
infortunately, you'll miss out on the awesome food and swag :(

On Wed, Nov 16, 2016 at 11:51 AM, Ibrahim El-sanosi (PGR)
 wrote:
> Can we watch the event remotely?
>
> Sanosi
>
> -Original Message-
> From: Benjamin Reed [mailto:br...@apache.org]
> Sent: 16 November 2016 19:07
> To: user@zookeeper.apache.org; DevZooKeeper 
> Subject: november 17 zk meetup (additional registration info required)
>
> sorry for the late notice, but we have found out from security that we will 
> need an email and phone number to get you in without the usual visitor NDA. 
> if you are coming, please send an email to acon...@fb.com with that 
> information by tonight.
>
> if you forget to do this or decide to come at the last minute, you can still 
> attend, you will just need to sign the normal visitor NDA.
>
> also, please be sure to bring a photo id.
>
> hope to see you there!
> ben
>
> ps. the event info is at https://www.facebook.com/events/1228722650504268/

Re: Multiple credentials associated with same principal?

[Stevo Slavić]

Hello Patrick,

Thanks for reply! That feature would be appreciated, but it's not what I
had in mind, it would not be sufficient.

I need a way to change credentials without ZK client or cluster downtime,
ideally with no ACL changes. Option of configuring two valid passwords for
same user would help - then I could along with old password configure new
one, roll ZK cluster with new settings, and then gradually roll out new
credentials to all different clients, later remove old expired password.

In one ZK client app, both zkclient and curator client libraries are being
used to access two different ZK subtrees. I managed to configure each
client to set ACLs appropriate for each subtree, but I couldn't find way
yet to configure each client with different user, with sasl scheme. So had
to fallback to single user. Still ACLs are different in the two subtrees.
One subtree allows world to read, and creator all permissions. Other
subtree just allows creator all permissions. It would help with credentials
expiration if I could instead of (creator, all permissions) ACLs, set (any
authenticated user, all permissions) ACL, while still keeping ACL for first
subtree that world can read it. If it was possible, I'd expire not only
password but replace it with new user, and no changes to ACLs would be
needed.

Thinking again, even if it was possible to set such ACL (any authenticated
user, all permissions) in ZK nodes, it wouldn't help me now, since I cannot
configure it to all clients managing nodes in subtree, some have ACLs that
they set hardcoded, would have to fork large OSS project which is not
really an option, and making ACL configurable in that OSS project would
take some time.

Kind regards,
Stevo Slavic.



On Thu, Feb 2, 2017 at 4:39 PM, Patrick Hunt  wrote:

Hi Stevo, you might be talking about one of the following variants? (see
the jiras linked to from this jira)
https://issues.apache.org/jira/browse/ZOOKEEPER-1634

Patrick

On Thu, Feb 2, 2017 at 4:38 AM, Stevo Slavić  wrote:

> Alternatively, is it possible to set ACL that would grant given
permissions
> to any successfully authenticated user?
>
> On Wed, Feb 1, 2017 at 1:16 PM, Stevo Slavić  wrote:
>
> > Hello Apache ZooKeeper community,
> >
> > Is it valid in JAAS config file to associate more than one password per
> > user, and if so, will ZooKeeper server authenticate user correctly if
> > provided password matches any of the configured ones?
> >
> > Kind regards,
> > Stevo Slavic.
> >
>

Re: Multiple credentials associated with same principal?

[Patrick Hunt]

Hi Stevo, you might be talking about one of the following variants? (see
the jiras linked to from this jira)
https://issues.apache.org/jira/browse/ZOOKEEPER-1634

Patrick

On Thu, Feb 2, 2017 at 4:38 AM, Stevo Slavić  wrote:

> Alternatively, is it possible to set ACL that would grant given permissions
> to any successfully authenticated user?
>
> On Wed, Feb 1, 2017 at 1:16 PM, Stevo Slavić  wrote:
>
> > Hello Apache ZooKeeper community,
> >
> > Is it valid in JAAS config file to associate more than one password per
> > user, and if so, will ZooKeeper server authenticate user correctly if
> > provided password matches any of the configured ones?
> >
> > Kind regards,
> > Stevo Slavic.
> >
>

Re: CHANGES.txt?

[Rakesh Radhakrishnan]

+1 for removing the CHANGE.txt file.

I agree to rely on source control (github) revision logs instead of
CHANGE.txt moving forward.

Note: Jira issue ZOOKEEPER-2672 will be used to remove this file.

Thanks,
Rakesh


On Sat, Dec 17, 2016 at 3:59 AM, Michael Han  wrote:

> See https://www.mail-archive.com/dev@zookeeper.apache.org/msg37108.html
>
> I think there was no decision explicitly made but looks like every one was
> OK to head towards the direction of removing CHANGE.TXT.
>
> On Fri, Dec 16, 2016 at 3:14 AM, Flavio Junqueira  wrote:
>
> > Could anyone remind me of what we decided for CHANGES.txt? Are we
> supposed
> > to add resolved jiras to it or are we going to rely on the git log?
> >
> > I have committed ZK-761 to master without the change to CHANGES.txt, but
> > then I noticed that some commits are going in with it, so I did it to the
> > 3.5 branch. I want to know if I need to make it consistent or not.
> >
> > -Flavio
>
>
>
>
> --
> Cheers
> Michael.
>

Re: Multiple credentials associated with same principal?

[Stevo Slavić]

Alternatively, is it possible to set ACL that would grant given permissions
to any successfully authenticated user?

On Wed, Feb 1, 2017 at 1:16 PM, Stevo Slavić  wrote:

> Hello Apache ZooKeeper community,
>
> Is it valid in JAAS config file to associate more than one password per
> user, and if so, will ZooKeeper server authenticate user correctly if
> provided password matches any of the configured ones?
>
> Kind regards,
> Stevo Slavic.
>