[jira] [Commented] (ZOOKEEPER-2793) [QP MutualAuth]: Build a mechanism to build "authzHosts" for dynamic reconfig servers

Tue, 17 Oct 2017 10:52:58 -0700 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16208025#comment-16208025
 ] 

Rakesh R commented on ZOOKEEPER-2793:
-------------------------------------

Below is the proposal to add the {{authorized_hosts}} information to the ZK 
ensemble.

# Introduce reserved path : {{/zookeeper/authorized_hosts}}, which will store 
the host details like  {{"host1,host2,host3"}}. Before invoking the #reconfig 
call the authorized_hosts has to be updated with the newly joining hosts 
Validation logic will use these pre-authorized hosts and reject any host which 
doesn't exists in this list.
# Admin can update the authorized_hosts via 
ZooKeeper.setData("/zookeeper/authorized_hosts", ...) // user can call existing 
set/get/delete client APIs.
# Expose zkCli.sh commands for better user experience,
 - setAuthorizedHosts host1,host2
 - listAuthorizedHosts
 - delAuthorizedHosts host1,host2

[~phunt], IIRC, the above idea is same as we discussed some time back. Please 
feel free to edit if I missed anything. Thanks!

> [QP MutualAuth]: Build a mechanism to build "authzHosts" for dynamic reconfig 
> servers
> -------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2793
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2793
>             Project: ZooKeeper
>          Issue Type: Sub-task
>          Components: quorum, security
>            Reporter: Rakesh R
>             Fix For: 3.5.4, 3.6.0
>
>
> {{QuorumServer}} will do the authorization checks against configured 
> authorized hosts. During LE, QuorumLearner will send an authentication packet 
> to QuorumServer. Now, QuorumServer will check that the connecting 
> QuorumLearner’s hostname exists in the authorized hosts. If not exists then 
> connecting peer is not authorized to join this ensemble and the request will 
> be rejected immediately. 
> In {{branch-3.4}} building {{authzHosts}} list is pretty straight forward, 
> can use the ensemble server details in zoo.cfg file. But with dynamic 
> reconfig, it has to consider the dynamic add/remove/update servers and need 
> to discuss the ways to handle dynamic cases.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to