> I think that the stunnel suggestion actually covers what you want here.
> You can set stunnel up so that it listens to a known port and it decrypts
> and forwards traffic to the local zookeeper client port. You can guarantee
> that no direct connections are possible to the zookeeper in a variety of
> ways, the simplest being a change to zookeeper to allow it to insist that
> all connections be from localhost.
> Stunnel can also insist on client certificates so that only approved clients
> would be able to connect.
Indeed, this would cover it reasonably well. I'd still prefer to have
ZooKeeper itself protecting against unauthorized access to its service
so that the deployment would be simpler, but the stunnel solution
should give me a good path without having to invest in patching
ZooKeeper for a while.
Thanks again for the suggestions.
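The arrangement from the quoted message (stunnel terminating TLS in front of a ZooKeeper bound to loopback, with client certificates required), written out as an added example configuration that is not part of this thread; the port 2281, the hostnames and the certificate paths are assumed placeholders, while 2181 is ZooKeeper's default client port and `clientPortAddress` is a real zoo.cfg setting.

```ini
; ---- /etc/stunnel/zk-server.conf (on the ZooKeeper host) ----
; stunnel runs as a TLS server: it accepts on a known port, decrypts,
; and forwards plaintext to ZooKeeper on the loopback interface only.
setuid = stunnel
setgid = stunnel
; Server identity presented to clients (assumed file locations).
cert = /etc/stunnel/zk-server.pem
key  = /etc/stunnel/zk-server.key

[zookeeper-tls]
client = no
accept = 0.0.0.0:2281          ; externally reachable TLS port (assumed)
connect = 127.0.0.1:2181       ; plaintext hop stays on this host
; Require a client certificate and check it against the approved CA;
; connections without one, or signed by another CA, are rejected.
verify = 2
CAfile = /etc/stunnel/approved-clients-ca.pem

; ---- /etc/zookeeper/conf/zoo.cfg (same host) ----
; Bind the client port to loopback so the only way in is through the
; stunnel listener above; this only helps when stunnel runs locally.
; clientPort=2181
; clientPortAddress=127.0.0.1

; ---- /etc/stunnel/zk-client.conf (on an approved client host) ----
; stunnel runs as a TLS client: the application talks plaintext to
; localhost:2181 and stunnel carries it over TLS to the server above.
[zookeeper-tls]
client = yes
accept = 127.0.0.1:2181        ; local plaintext endpoint for the app
connect = zk.example.internal:2281   ; assumed server hostname/port
cert = /etc/stunnel/zk-client.pem    ; client certificate issued by the approved CA
key  = /etc/stunnel/zk-client.key
; Verify the server's certificate against the CA we expect, so the
; client cannot be redirected to an impostor front end.
verify = 2
CAfile = /etc/stunnel/zk-server-ca.pem
```

A quick check that the loopback binding took effect is to confirm that port 2181 on the ZooKeeper host is only listening on 127.0.0.1 (for example with `ss -ltn`) while 2281 is the only externally visible listener.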