Hi,
I would like to set an ACL that lets every client read the content of a node
and list its children, and forces every write (setData, create children...) to
be done by any authenticated user.
Something like "everyone can read" and "only authenticated users can write".
I'm using SASL/Kerberos and ZooKeeper 3.4.8, with the Java Client API:
    List<ACL> myACL = Arrays.<ACL>asList(
        // all permissions via the 'auth' scheme
        new ACL(ZooDefs.Perms.ALL, ZooDefs.Ids.AUTH_IDS),
        // read-only for world:anyone
        new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE)
    );
I'm trying to use the 'auth' scheme on setACL, but it is substituted by the
client ID.

Another useful setup for me, with Kerberos, would be to give access to the
nodes only to clients which have the same "user" in the principal.
My principals look like:
user/HOST1@REALM
user/HOST2@REALM
user/HOST3@REALM
My ACL would be ZooDefs.Perms.ALL to user/****@REALM
Is it possible?

Another, secondary question:
I see that for digest auth you can set up a "super user":
https://community.hortonworks.com/articles/29900/zookeeper-using-superdigest-to-gain-full-access-to.html
I cannot get the zookeeper.superUser system property to work with SASL/Kerberos.
Is it possible for SASL/Kerberos?

Thank you
--
Enrico Olivelli
Software Development Manager @Diennea
Tel.: (+39) 0546 066100 - Int. 925
Viale G.Marconi 30/14 - 48018 Faenza (RA)
MagNews - E-mail Marketing Solutions
http://www.magnews.it
Diennea - Digital Marketing Solutions
http://www.diennea.com