Hi Daniel, >>>>>>> It says that Netty is available for SSL in 3.4... is that an error in >>>>>>> the documentation? Netty is available from 3.4 onwards. But SSL support based on Netty channel is only available only from 3.5.1 onwards. Unfortunately the http://zookeeper.apache.org/doc/trunk/ docs is not reflecting the latest changes from the project. It is quite old and last published on "10/08/2014 14:59:37".
Below are some of the jira tasks related to understand Netty + SSL development history. ZOOKEEPER-2063, ZOOKEEPER-2120 - Umbrella jira issues ZOOKEEPER-2119 - updated the zookeeper doc as part of this Secondly, for authentication zookeeper provides different auth schemes. Please take a look at these available options. 1) DigestAuthenticationProvider 2) IPAuthenticationProvider 3) SASLAuthenticationProvider (can use Kerberos) 4) X509AuthenticationProvider (SSL) Reference : http://zookeeper.apache.org/doc/trunk/zookeeperProgrammers.html#sc_ZooKeeperPluggableAuthentication https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL +Rakesh -----Original Message----- From: Daniel Kashtan [mailto:[email protected]] Sent: 21 August 2015 02:54 To: [email protected] Subject: Re: How to secure Zookeeper Thank you for the response. The SSL user guide is a great tutorial, but I am using the latest stable release, 3.4.6. It does not have any Netty capability, so I am out of luck? At this link: http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#Communication+using+the+Netty+framework It says that Netty is available for SSL in 3.4... is that an error in the documentation? The guide on SASL bewilders me... also from the current docs I somehow missed the section "Authentication & Authorization Options" at: http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_authOptions This part of the documentation describes "zookeeper.DigestAuthenticationProvider.superDigest"... is that something I can use for authentication? On Thu, Aug 20, 2015 at 11:41 AM, Ivan Kelly <[email protected]> wrote: > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+Us > er+Guide#ZooKeeperSSLUserGuide-Quorum > > This wiki page contains a guide on ssl and auth. > > -Ivan > > On Thu, Aug 20, 2015 at 5:35 PM Daniel Kashtan <[email protected]> > wrote: > > > Is it possible to authenticate users and use ssl for communication > between > > the Zookeeper server and its clients? > > > > -- > > -Daniel > > > -- -Daniel
