Hi Leo, AuthFLE implements a simple challenge-response protocol and if I remember correctly it uses UDP. We haven't been maintaining that LE implementation because no one at the time seemed interested in having that implementation of leader election and making sure that all flavors work is a pain, that's why it is deprecated.
Are you convinced that it does what you need or you're just exploring at this point? I'm not aware of folks securing leader election communication, but that doesn't mean no one is doing it. -Flavio -----Original Message----- From: Leonard Kramer [mailto:[email protected]] Sent: Tuesday, December 17, 2013 5:55 PM To: [email protected] Subject: Deprecated AuthFastLeaderElection Hello everybody, I want to deploy a zookeeper-ensemble in a non-secure environment where every instance is connected over non-seucre channels. So far I've successfully added TLS-support to the inter-server communication. My naive approch for upgrading the leader-communication to secure tls-sockets fails and is also unacceptable slow. My next guess was using the "AuthFastLeaderElection", but I can't find any information why this class is deprecated. So I have basically two questions: 1. Why is AuthFastLeaderElection deprecated? 2. Are there currently any alternatives for securing the LeaderElection? My basic requirements are integrity and authencity not necessarily encryption. Has somebody successfully secured the leaderelection by using tools like stunnel? Thanks and happy holidays Leo
