Posted to user@zookeeper.apache.org by Enrico Olivelli - Diennea <en...@diennea.com> on 2016/09/09 07:03:50 UTC

Understanding the auth: scheme

Hi,
I would like to set an ACL that lets every client read the content of a node and list its children, and forces every write (setData, create children...) to be done by any authenticated user.
Something like "everyone can read" and "only authenticated users can write".
I'm using SASL/Kerberos and ZooKeeper 3.4.8, with the Java Client API.

List<ACL> myACL = Arrays.<ACL>asList(
    new ACL(ZooDefs.Perms.ALL, ZooDefs.Ids.AUTH_IDS),
    new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE)
);

I'm trying to use the 'auth' scheme on setACL, but it is substituted by the client ID.

Another useful setup for me, with Kerberos, would be to give access to the nodes only to clients which have the same "user" in the principal.
My principals look like:
user/HOST1@REALM
user/HOST2@REALM
user/HOST3@REALM

My ACL would be ZooDefs.Perms.ALL to user/****@REALM

Is it possible?


Another, secondary question:
I see that for digest auth you can set up a "super user":
https://community.hortonworks.com/articles/29900/zookeeper-using-superdigest-to-gain-full-access-to.html

Is it possible for SASL/Kerberos?


Thank you



--
Enrico Olivelli
Software Development Manager @Diennea
Tel.: (+39) 0546 066100 - Int. 925
Viale G.Marconi 30/14 - 48018 Faenza (RA)

MagNews - E-mail Marketing Solutions
http://www.magnews.it
Diennea - Digital Marketing Solutions
http://www.diennea.com