NB: there is currently *no* support for securing the quorum communication. The recent SSL patches only secure client/server connections.
Related: when do we expect quorum ssl to land? 3.6? On Fri, Aug 21, 2015 at 2:25 AM, Rakesh R <[email protected]> wrote: > Hi Daniel, > > >>>>>>> It says that Netty is available for SSL in 3.4... is that an error > in the documentation? > Netty is available from 3.4 onwards. But SSL support based on Netty > channel is only available only from 3.5.1 onwards. Unfortunately the > http://zookeeper.apache.org/doc/trunk/ docs is not reflecting the latest > changes from the project. It is quite old and last published on "10/08/2014 > 14:59:37". > > Below are some of the jira tasks related to understand Netty + SSL > development history. > ZOOKEEPER-2063, ZOOKEEPER-2120 - Umbrella jira issues > ZOOKEEPER-2119 - updated the zookeeper doc as part of this > > Secondly, for authentication zookeeper provides different auth schemes. > Please take a look at these available options. > 1) DigestAuthenticationProvider > 2) IPAuthenticationProvider > 3) SASLAuthenticationProvider (can use Kerberos) > 4) X509AuthenticationProvider (SSL) > > Reference : > > http://zookeeper.apache.org/doc/trunk/zookeeperProgrammers.html#sc_ZooKeeperPluggableAuthentication > https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL > > > +Rakesh > -----Original Message----- > From: Daniel Kashtan [mailto:[email protected]] > Sent: 21 August 2015 02:54 > To: [email protected] > Subject: Re: How to secure Zookeeper > > Thank you for the response. The SSL user guide is a great tutorial, but I > am using the latest stable release, 3.4.6. It does not have any Netty > capability, so I am out of luck? > > At this link: > > http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#Communication+using+the+Netty+framework > > It says that Netty is available for SSL in 3.4... is that an error in the > documentation? > > The guide on SASL bewilders me... also from the current docs I somehow > missed the section "Authentication & Authorization Options" at: > http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_authOptions > > This part of the documentation describes > "zookeeper.DigestAuthenticationProvider.superDigest"... > is that something I can use for authentication? > > On Thu, Aug 20, 2015 at 11:41 AM, Ivan Kelly <[email protected]> wrote: > > > > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+Us > > er+Guide#ZooKeeperSSLUserGuide-Quorum > > > > This wiki page contains a guide on ssl and auth. > > > > -Ivan > > > > On Thu, Aug 20, 2015 at 5:35 PM Daniel Kashtan <[email protected]> > > wrote: > > > > > Is it possible to authenticate users and use ssl for communication > > between > > > the Zookeeper server and its clients? > > > > > > -- > > > -Daniel > > > > > > > > > -- > -Daniel >
