You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by FPJ <fp...@yahoo.com> on 2014/03/11 17:40:28 UTC

SASL question

I was checking the ZooKeeper and SASL wiki page, and it mentions this
property:

 

requireClientAuthScheme

 

however, it seems that it is not implemented. I also checked ZK-938 and the
patch that got in seems to be missing not only the property, but the
functionality altogether. The comments seem to confirm this interpretation,
so I just wanted to make sure that my understanding is correct. Anyone?

 

-Flavio

Re: SASL question

Posted by Flavio Junqueira <fp...@yahoo.com>.

Sure, I've read the comments and checked the code. The problem is that the wiki page:

https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL

seems to imply that the "required..." option is available. I was then wondering if I was overlooking anything or if the wiki is forward-looking.

-Flavio


On 16 Mar 2014, at 05:26, Patrick Hunt <ph...@apache.org> wrote:

> Hi Flavio.
> 
> Eugene wrote the following as a comment to ZK-938, perhaps you could
> use this to update that wiki page:
> 
> -Removed requireClientAuthScheme: instead using
>   zookeeper.maintain_connection_despite_sasl_failure property to
>   accomplish the same thing (if maintain_connection_despite_sasl_failure=false,
>   then server will shut down client. Benjamin mentioned in his review
>   that requireClientAuthScheme is general functionality and would be
>   appropriate, but I thought that might better be a separate JIRA issue
>   if so.
> 
> Patrick
> 
> 
> On Tue, Mar 11, 2014 at 9:40 AM, FPJ <fp...@yahoo.com> wrote:
>> I was checking the ZooKeeper and SASL wiki page, and it mentions this
>> property:
>> 
>> 
>> 
>> requireClientAuthScheme
>> 
>> 
>> 
>> however, it seems that it is not implemented. I also checked ZK-938 and the
>> patch that got in seems to be missing not only the property, but the
>> functionality altogether. The comments seem to confirm this interpretation,
>> so I just wanted to make sure that my understanding is correct. Anyone?
>> 
>> 
>> 
>> -Flavio
>>

Re: SASL question

Posted by Patrick Hunt <ph...@apache.org>.

Hi Flavio.

Eugene wrote the following as a comment to ZK-938, perhaps you could
use this to update that wiki page:

-Removed requireClientAuthScheme: instead using
   zookeeper.maintain_connection_despite_sasl_failure property to
   accomplish the same thing (if maintain_connection_despite_sasl_failure=false,
   then server will shut down client. Benjamin mentioned in his review
   that requireClientAuthScheme is general functionality and would be
   appropriate, but I thought that might better be a separate JIRA issue
   if so.

Patrick


On Tue, Mar 11, 2014 at 9:40 AM, FPJ <fp...@yahoo.com> wrote:
> I was checking the ZooKeeper and SASL wiki page, and it mentions this
> property:
>
>
>
> requireClientAuthScheme
>
>
>
> however, it seems that it is not implemented. I also checked ZK-938 and the
> patch that got in seems to be missing not only the property, but the
> functionality altogether. The comments seem to confirm this interpretation,
> so I just wanted to make sure that my understanding is correct. Anyone?
>
>
>
> -Flavio
>