You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2019/10/10 10:40:00 UTC
[jira] [Commented] (SOLR-13673) Provide X509ZkAclProvider for X509
Zookeeper Authentication and ACLs
[ https://issues.apache.org/jira/browse/SOLR-13673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16948405#comment-16948405 ]
Jan Høydahl commented on SOLR-13673:
------------------------------------
Hi Jörn, have you looked further into this?
> Provide X509ZkAclProvider for X509 Zookeeper Authentication and ACLs
> --------------------------------------------------------------------
>
> Key: SOLR-13673
> URL: https://issues.apache.org/jira/browse/SOLR-13673
> Project: Solr
> Issue Type: Wish
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrCloud
> Affects Versions: master (9.0), 8.2
> Reporter: Jörn Franke
> Priority: Major
>
> ZooKeeper supports X509 authentication and ACLs towards Zookeeper servers. It seems that when enabling SSL support in ZooKeeper 3.5.5 and ACLs only X509 ACLs are allowed and others (e.g. Kerberos Authentication and Kerberos ACLs with SSL communication enabled) are not possible (see also: https://issues.apache.org/jira/browse/ZOOKEEPER-3482).
> Furthermore, in highly automized cloud environments, large scale cloud search services or enterprise environments, X509 authentication and X509 ACLs could be an attractive alternative compared to Kerberos.
> Solr should thus support a X509ZkAclProivder for X509 Zookeeper Authentication and ACLs.
>
> See also:
> * Zookeeper X509 authentication provider: [https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide#ZooKeeperSSLUserGuide-X509AuthenticationProvider]
> * ZooKeeper Admin Guide: [https://zookeeper.apache.org/doc/r3.5.5/zookeeperAdmin.html#sc_authOptions]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org