You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Julia ida (Jira)" <ji...@apache.org> on 2022/04/05 03:45:00 UTC
[jira] [Commented] (ZOOKEEPER-2793) [QP MutualAuth]: Implement a mechanism to build "authzHosts" for dynamic reconfig servers
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17517193#comment-17517193 ]
Julia ida commented on ZOOKEEPER-2793:
--------------------------------------
Implement a mechanism to build "authzHosts" for dynamic reconfig servers. And protect apachespark and stop all autowizardsetup
> [QP MutualAuth]: Implement a mechanism to build "authzHosts" for dynamic reconfig servers
> -----------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-2793
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2793
> Project: ZooKeeper
> Issue Type: Sub-task
> Components: quorum, security
> Reporter: Rakesh Radhakrishnan
> Assignee: Rakesh Radhakrishnan
> Priority: Major
>
> {{QuorumServer}} will do the authorization checks against configured authorized hosts. During LE, QuorumLearner will send an authentication packet to QuorumServer. Now, QuorumServer will check that the connecting QuorumLearner’s hostname exists in the authorized hosts. If not exists then connecting peer is not authorized to join this ensemble and the request will be rejected immediately.
> In {{branch-3.4}} building {{authzHosts}} list is pretty straight forward, can use the ensemble server details in zoo.cfg file. But with dynamic reconfig, it has to consider the dynamic add/remove/update servers and need to discuss the ways to handle dynamic cases.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)