Posted to user@zookeeper.apache.org by shrikant kalani <sh...@gmail.com> on 2020/01/11 02:48:14 UTC
Authorisation in Zookeeper
Hi Zookeeper Users
I have implemented TLS authentication in my cluster. Right now the authentication is done based on host name (X509).
Now I want to implement authorisation based on user. I’d like only my system account to be able to read and write data to znodes.
How can I do that? Are ACLs the only solution?
Thanks
Srikant Kalani
Sent from my iPhone
Re: Authorisation in Zookeeper
Posted by Arpit Jain <ja...@gmail.com>.
Which authorization scheme is used for this kind of authorization using
Unix user ids?
Thanks
On Sat, Jan 11, 2020, 1:05 PM Enrico Olivelli <eo...@gmail.com> wrote:
> On Sat, 11 Jan 2020 at 09:31, shrikant kalani <
> shrikantkalani@gmail.com> wrote:
>
> >
> > My system account means a client process running with unix user id.
> >
> > I want user A to have full access while all other users should only read
> > data from znodes.
> >
>
> Yes ACLs are your way to go
>
> Enrico
>
>
> >
> > Thanks
> > Srikant Kalani
> > Sent from my iPhone
> >
> > > On 11 Jan 2020, at 2:20 PM, Enrico Olivelli <eo...@gmail.com> wrote:
> > >
> > > Srikant
> > >
> > > On Sat, 11 Jan 2020, 03:48 shrikant kalani <sh...@gmail.com>
> > > wrote:
> > >
> > >> Hi Zookeeper Users
> > >>
> > >> I have implemented TLS authentication in my cluster. Right now the
> > >> authentication is done based on host name (X509).
> > >>
> > >> Now I want to implement authorisation based on user I’d like only my
> > >> system account should be able to read write data to znodes.
> > >>
> > >
> > > Can you define 'my system account'?
> > > Is your goal that only authenticated users are able to access data?
> > >
> > >
> > > Enrico
> > >
> > >>
> > >> How I can do that ? Is ACLs is the only solution ?
> > >>
> > >> Thanks
> > >> Srikant Kalani
> > >>
> > >> Sent from my iPhone
> >
>
Re: Authorisation in Zookeeper
Posted by Enrico Olivelli <eo...@gmail.com>.
On Mon, 13 Jan 2020 at 11:06, shrikant kalani <
shrikantkalani@gmail.com> wrote:
> Enrico ,
>
> Do you have some examples to show.
>
I am sorry, personally I don't have examples; I am not a direct user of this
feature.
I hope others on the list can give practical examples.
You can check the guide here
https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide
Enrico
>
> Right now my user is authenticated based on host level certs. How should
> I add the scheme and then add authorisation rule ?
>
> Thanks
> Srikant Kalani
>
> Sent from Mail for Windows 10
>
> From: Enrico Olivelli
> Sent: 11 January 2020 21:05
> To: UserZooKeeper
> Subject: Re: Authorisation in Zookeeper
>
> On Sat, 11 Jan 2020 at 09:31, shrikant kalani <
> shrikantkalani@gmail.com> wrote:
>
> >
> > My system account means a client process running with unix user id.
> >
> > I want user A to have full access while all other users should only read
> > data from znodes.
> >
>
> Yes ACLs are your way to go
>
> Enrico
>
>
> >
> > Thanks
> > Srikant Kalani
> > Sent from my iPhone
> >
> > > On 11 Jan 2020, at 2:20 PM, Enrico Olivelli <eo...@gmail.com> wrote:
> > >
> > > Srikant
> > >
> > > On Sat, 11 Jan 2020, 03:48 shrikant kalani <sh...@gmail.com>
> > > wrote:
> > >
> > >> Hi Zookeeper Users
> > >>
> > >> I have implemented TLS authentication in my cluster. Right now the
> > >> authentication is done based on host name (X509).
> > >>
> > >> Now I want to implement authorisation based on user I’d like only my
> > >> system account should be able to read write data to znodes.
> > >>
> > >
> > > Can you define 'my system account'?
> > > Is your goal that only authenticated users are able to access data?
> > >
> > >
> > > Enrico
> > >
> > >>
> > >> How I can do that ? Is ACLs is the only solution ?
> > >>
> > >> Thanks
> > >> Srikant Kalani
> > >>
> > >> Sent from my iPhone
> >
>
>
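Added example, not part of the thread and not the ZooKeeper project's own code: one way to express "user A has full access, everyone else read-only" with ZooKeeper's Java client API and the x509 ACL scheme. The connect string, znode path and certificate DN are constructed placeholders; it assumes user A's process presents its own client certificate (the x509 scheme matches the certificate principal, not a Unix user id) and that the TLS client settings from the SSL guide are passed as JVM system properties.

```java
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher.Event.KeeperState;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;

public class RestrictZnode {
    // Constructed sample values (assumptions, not taken from the thread).
    static final String CONNECT = "zk1.example.com:2281"; // secure client port
    static final String PATH = "/app/config";
    // Must equal, character for character, the principal string the server
    // derives from user A's client certificate.
    static final String USER_A_DN = "CN=user-a,OU=ops,O=Example";

    public static void main(String[] args) throws Exception {
        CountDownLatch connected = new CountDownLatch(1);
        ZooKeeper zk = new ZooKeeper(CONNECT, 30000, (WatchedEvent e) -> {
            if (e.getState() == KeeperState.SyncConnected) connected.countDown();
        });
        connected.await();
        try {
            List<ACL> acl = Arrays.asList(
                // user A: create, delete, read, write, admin
                new ACL(ZooDefs.Perms.ALL, new Id("x509", USER_A_DN)),
                // every other client: read only
                new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE));

            // The calling session needs ADMIN on PATH; version -1 skips the
            // ACL-version check. ACLs are per znode and are not inherited,
            // so each child needs its own ACL.
            zk.setACL(PATH, acl, -1);

            // Read the ACL back to confirm what the server stored.
            for (ACL a : zk.getACL(PATH, new Stat())) {
                System.out.println(a.getId().getScheme() + ":"
                        + a.getId().getId() + " perms=" + a.getPerms());
            }
        } finally {
            zk.close();
        }
    }
}
```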
RE: Authorisation in Zookeeper
Posted by shrikant kalani <sh...@gmail.com>.
Enrico,
Do you have some examples to show?
Right now my user is authenticated based on host level certs. How should I add the scheme and then add an authorisation rule?
Thanks
Srikant Kalani
Sent from Mail for Windows 10
From: Enrico Olivelli
Sent: 11 January 2020 21:05
To: UserZooKeeper
Subject: Re: Authorisation in Zookeeper
On Sat, 11 Jan 2020 at 09:31, shrikant kalani <
shrikantkalani@gmail.com> wrote:
>
> My system account means a client process running with unix user id.
>
> I want user A to have full access while all other users should only read
> data from znodes.
>
Yes ACLs are your way to go
Enrico
>
> Thanks
> Srikant Kalani
> Sent from my iPhone
>
> > On 11 Jan 2020, at 2:20 PM, Enrico Olivelli <eo...@gmail.com> wrote:
> >
> > Srikant
> >
> > On Sat, 11 Jan 2020, 03:48 shrikant kalani <sh...@gmail.com>
> > wrote:
> >
> >> Hi Zookeeper Users
> >>
> >> I have implemented TLS authentication in my cluster. Right now the
> >> authentication is done based on host name (X509).
> >>
> >> Now I want to implement authorisation based on user I’d like only my
> >> system account should be able to read write data to znodes.
> >>
> >
> > Can you define 'my system account'?
> > Is your goal that only authenticated users are able to access data?
> >
> >
> > Enrico
> >
> >>
> >> How I can do that ? Is ACLs is the only solution ?
> >>
> >> Thanks
> >> Srikant Kalani
> >>
> >> Sent from my iPhone
>
Re: Authorisation in Zookeeper
Posted by Enrico Olivelli <eo...@gmail.com>.
On Sat, 11 Jan 2020 at 09:31, shrikant kalani <
shrikantkalani@gmail.com> wrote:
>
> My system account means a client process running with unix user id.
>
> I want user A to have full access while all other users should only read
> data from znodes.
>
Yes ACLs are your way to go
Enrico
>
> Thanks
> Srikant Kalani
> Sent from my iPhone
>
> > On 11 Jan 2020, at 2:20 PM, Enrico Olivelli <eo...@gmail.com> wrote:
> >
> > Srikant
> >
> > On Sat, 11 Jan 2020, 03:48 shrikant kalani <sh...@gmail.com>
> > wrote:
> >
> >> Hi Zookeeper Users
> >>
> >> I have implemented TLS authentication in my cluster. Right now the
> >> authentication is done based on host name (X509).
> >>
> >> Now I want to implement authorisation based on user I’d like only my
> >> system account should be able to read write data to znodes.
> >>
> >
> > Can you define 'my system account'?
> > Is your goal that only authenticated users are able to access data?
> >
> >
> > Enrico
> >
> >>
> >> How I can do that ? Is ACLs is the only solution ?
> >>
> >> Thanks
> >> Srikant Kalani
> >>
> >> Sent from my iPhone
>
Re: Authorisation in Zookeeper
Posted by shrikant kalani <sh...@gmail.com>.
My system account means a client process running with unix user id.
I want user A to have full access while all other users should only read data from znodes.
Thanks
Srikant Kalani
Sent from my iPhone
> On 11 Jan 2020, at 2:20 PM, Enrico Olivelli <eo...@gmail.com> wrote:
>
> Srikant
>
> On Sat, 11 Jan 2020, 03:48 shrikant kalani <sh...@gmail.com>
> wrote:
>
>> Hi Zookeeper Users
>>
>> I have implemented TLS authentication in my cluster. Right now the
>> authentication is done based on host name (X509).
>>
>> Now I want to implement authorisation based on user I’d like only my
>> system account should be able to read write data to znodes.
>>
>
> Can you define 'my system account'?
> Is your goal that only authenticated users are able to access data?
>
>
> Enrico
>
>>
>> How I can do that ? Is ACLs is the only solution ?
>>
>> Thanks
>> Srikant Kalani
>>
>> Sent from my iPhone
Re: Authorisation in Zookeeper
Posted by Enrico Olivelli <eo...@gmail.com>.
Srikant
On Sat, 11 Jan 2020, 03:48 shrikant kalani <sh...@gmail.com>
wrote:
> Hi Zookeeper Users
>
> I have implemented TLS authentication in my cluster. Right now the
> authentication is done based on host name (X509).
>
> Now I want to implement authorisation based on user I’d like only my
> system account should be able to read write data to znodes.
>
Can you define 'my system account'?
Is your goal that only authenticated users are able to access data?
Enrico
>
> How I can do that ? Is ACLs is the only solution ?
>
> Thanks
> Srikant Kalani
>
> Sent from my iPhone