Posted to user@curator.apache.org by Stevo Slavić <ss...@gmail.com> on 2017/02/01 16:12:12 UTC

Configuring SASL scheme authorization

Hello Apache Curator community,

With the digest scheme it seemed to be enough to configure
CuratorFrameworkFactory.Builder authorization with the appropriate AuthInfo -
scheme "digest" and "user:pass" bytes as auth.

By experimenting and checking the ZooKeeperServer [1] and
SASLAuthenticationProvider [2] code, I've got it to work with the SASL scheme
when CuratorFrameworkFactory.Builder does not have authorization configured,
a JAAS config file is provisioned and the JVM is configured to use it via the
java.security.auth.login.config Java system property.

I'd prefer API support over provisioning via file. Is there an equivalent (to
digest support) Java API in Curator that one can use to configure SASL
scheme authorization?

Kind regards,
Stevo Slavic.

[1]
http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/ZooKeeperServer.java?view=markup#l1060
[2]
http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java?view=markup#l30

Re: Configuring SASL scheme authorization

Posted by Cameron McKenzie <mc...@gmail.com>.
Hey Stevo,
I'm not aware of any programmatic way to configure SASL stuff (but I've
never used it before, so I could be missing something).

I haven't looked at any security stuff in Java for a while. Does the
location of the JAAS configuration file have to be set via a system
property, or are there other options? While Curator could potentially be
extended to expose an API to set the JAAS configuration, if it's just
essentially setting a system property I'm not sure of the benefit.
Especially when it will have the side effect of modifying the JAAS
configuration for the whole JVM.

cheers
Cam


On Thu, Feb 2, 2017 at 3:12 AM, Stevo Slavić <ss...@gmail.com> wrote:

> Hello Apache Curator community,
>
> With the digest scheme it seemed to be enough to configure
> CuratorFrameworkFactory.Builder authorization with the appropriate AuthInfo -
> scheme "digest" and "user:pass" bytes as auth.
>
> By experimenting and checking the ZooKeeperServer [1] and
> SASLAuthenticationProvider [2] code, I've got it to work with the SASL scheme
> when CuratorFrameworkFactory.Builder does not have authorization configured,
> a JAAS config file is provisioned and the JVM is configured to use it via the
> java.security.auth.login.config Java system property.
>
> I'd prefer API support over provisioning via file. Is there an equivalent (to
> digest support) Java API in Curator that one can use to configure SASL
> scheme authorization?
>
> Kind regards,
> Stevo Slavic.
>
> [1] http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/ZooKeeperServer.java?view=markup#l1060
> [2] http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/SASLAuthenticationProvider.java?view=markup#l30
>
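
The two setups discussed in this thread, side by side, as an added example that is not code from either poster or from the Curator project. The SASL variant installs an in-memory JAAS configuration through the standard javax.security.auth.login.Configuration API in place of a file. It assumes ZooKeeper's DigestLoginModule and the default "Client" login section; the connect string and credentials are constructed placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.retry.ExponentialBackoffRetry;

public class CuratorAuthExample {
    // Constructed placeholders; load real credentials from a secret store.
    static final String USER = "example-user";
    static final String PASS = "example-pass";

    static CuratorFrameworkFactory.Builder base() {
        return CuratorFrameworkFactory.builder()
            .connectString("localhost:2181")
            .retryPolicy(new ExponentialBackoffRetry(1000, 3));
    }

    /** Digest scheme: credentials go through the Curator builder. */
    static CuratorFramework digestClient() {
        byte[] auth = (USER + ":" + PASS).getBytes(StandardCharsets.UTF_8);
        return base().authorization("digest", auth).build();
    }

    /** SASL scheme: in-memory JAAS "Client" section, no builder authorization. */
    static CuratorFramework saslClient() {
        Configuration previous;
        try { previous = Configuration.getConfiguration(); }
        catch (SecurityException noLoginConfig) { previous = null; }
        final Configuration fallback = previous;

        Map<String, String> options = new HashMap<>();
        options.put("username", USER);
        options.put("password", PASS);
        final AppConfigurationEntry[] client = { new AppConfigurationEntry(
            "org.apache.zookeeper.server.auth.DigestLoginModule",
            LoginModuleControlFlag.REQUIRED, options) };

        // JVM-wide: every JAAS consumer in this process sees this Configuration,
        // so lookups for other section names are passed to the previous one.
        Configuration.setConfiguration(new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if ("Client".equals(name)) return client;
                return fallback == null ? null : fallback.getAppConfigurationEntry(name);
            }
        });
        return base().build();
    }
}
```

Configuration.setConfiguration must run before the first ZooKeeper connection is opened, and it still applies to the whole JVM, which is the side effect raised in the reply above.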