You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Rakesh R (JIRA)" <ji...@apache.org> on 2017/10/17 17:52:00 UTC

[jira] [Commented] (ZOOKEEPER-2793) [QP MutualAuth]: Build a mechanism to build "authzHosts" for dynamic reconfig servers

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16208025#comment-16208025 ] 

Rakesh R commented on ZOOKEEPER-2793:
-------------------------------------

Below is the proposal to add the {{authorized_hosts}} information to the ZK ensemble.

# Introduce reserved path : {{/zookeeper/authorized_hosts}}, which will store the host details like  {{"host1,host2,host3"}}. Before invoking the #reconfig call the authorized_hosts has to be updated with the newly joining hosts Validation logic will use these pre-authorized hosts and reject any host which doesn't exists in this list.
# Admin can update the authorized_hosts via ZooKeeper.setData("/zookeeper/authorized_hosts", ...) // user can call existing set/get/delete client APIs.
# Expose zkCli.sh commands for better user experience,
 - setAuthorizedHosts host1,host2
 - listAuthorizedHosts
 - delAuthorizedHosts host1,host2

[~phunt], IIRC, the above idea is same as we discussed some time back. Please feel free to edit if I missed anything. Thanks!

> [QP MutualAuth]: Build a mechanism to build "authzHosts" for dynamic reconfig servers
> -------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2793
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2793
>             Project: ZooKeeper
>          Issue Type: Sub-task
>          Components: quorum, security
>            Reporter: Rakesh R
>             Fix For: 3.5.4, 3.6.0
>
>
> {{QuorumServer}} will do the authorization checks against configured authorized hosts. During LE, QuorumLearner will send an authentication packet to QuorumServer. Now, QuorumServer will check that the connecting QuorumLearner’s hostname exists in the authorized hosts. If not exists then connecting peer is not authorized to join this ensemble and the request will be rejected immediately. 
> In {{branch-3.4}} building {{authzHosts}} list is pretty straight forward, can use the ensemble server details in zoo.cfg file. But with dynamic reconfig, it has to consider the dynamic add/remove/update servers and need to discuss the ways to handle dynamic cases.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)