HI Gustavo,
 > or is the idea that you simply allow the
> client to connect, but prevent it from touching any node at all using
> ACLs?
Yes.

  The auth plugin  works at the znode level . The server side authentication
I was talking about is just to verify the authentication for a zookeeper
client for creating/reading/changing znodes in ZooKeeper. So, if you want it
to work at the server level, you will have to add authentication to all the
znodes that you create in ZooKeeper, so non authenticated clients would not
be able to read anything in ZooKeeper. If you create znodes with no auths,
clients without authentication might be able to read it.


Hope this answers your question.
Thanks
mahadev

On 6/16/09 9:57 AM, "Gustavo Niemeyer" <gust...@niemeyer.net> wrote:

> Hello there,
> 
> I'm an interested newcomer to ZooKeeper, so please forgive me if I
> miss some important basic detail.
> 
> I actually had the same high-level question than the original poster,
> so I'm interested in the response too.
> 
>>  There is a jira open to document this in our forrest docs -
>> 
>> http://issues.apache.org/jira/browse/ZOOKEEPER-329.
>> 
>> Ill try and explain how to do in the email, feel free to respond with more
>> questions. The c and java api both have a call called add_auth/addAuth to
>> add authentication data for a client. Also, you can write pulgins at the
>> server side to verify this authentication. Take a look at files in
>> src/java/main/org/apache/zookeeper/server/auth/.
> 
> Oh, interesting.  So the auth plugin API works both at the node level
> and at the server level, or is the idea that you simply allow the
> client to connect, but prevent it from touching any node at all using
> ACLs?

Reply via email to