You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by FPJ <fp...@yahoo.com> on 2014/03/11 17:40:28 UTC
SASL question
I was checking the ZooKeeper and SASL wiki page, and it mentions this
property:
requireClientAuthScheme
however, it seems that it is not implemented. I also checked ZK-938 and the
patch that got in seems to be missing not only the property, but the
functionality altogether. The comments seem to confirm this interpretation,
so I just wanted to make sure that my understanding is correct. Anyone?
-Flavio
Re: SASL question
Posted by Flavio Junqueira <fp...@yahoo.com>.
Sure, I've read the comments and checked the code. The problem is that the wiki page:
https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL
seems to imply that the "required..." option is available. I was then wondering if I was overlooking anything or if the wiki is forward-looking.
-Flavio
On 16 Mar 2014, at 05:26, Patrick Hunt <ph...@apache.org> wrote:
> Hi Flavio.
>
> Eugene wrote the following as a comment to ZK-938, perhaps you could
> use this to update that wiki page:
>
> -Removed requireClientAuthScheme: instead using
> zookeeper.maintain_connection_despite_sasl_failure property to
> accomplish the same thing (if maintain_connection_despite_sasl_failure=false,
> then server will shut down client. Benjamin mentioned in his review
> that requireClientAuthScheme is general functionality and would be
> appropriate, but I thought that might better be a separate JIRA issue
> if so.
>
> Patrick
>
>
> On Tue, Mar 11, 2014 at 9:40 AM, FPJ <fp...@yahoo.com> wrote:
>> I was checking the ZooKeeper and SASL wiki page, and it mentions this
>> property:
>>
>>
>>
>> requireClientAuthScheme
>>
>>
>>
>> however, it seems that it is not implemented. I also checked ZK-938 and the
>> patch that got in seems to be missing not only the property, but the
>> functionality altogether. The comments seem to confirm this interpretation,
>> so I just wanted to make sure that my understanding is correct. Anyone?
>>
>>
>>
>> -Flavio
>>
Re: SASL question
Posted by Patrick Hunt <ph...@apache.org>.
Hi Flavio.
Eugene wrote the following as a comment to ZK-938, perhaps you could
use this to update that wiki page:
-Removed requireClientAuthScheme: instead using
zookeeper.maintain_connection_despite_sasl_failure property to
accomplish the same thing (if maintain_connection_despite_sasl_failure=false,
then server will shut down client. Benjamin mentioned in his review
that requireClientAuthScheme is general functionality and would be
appropriate, but I thought that might better be a separate JIRA issue
if so.
Patrick
On Tue, Mar 11, 2014 at 9:40 AM, FPJ <fp...@yahoo.com> wrote:
> I was checking the ZooKeeper and SASL wiki page, and it mentions this
> property:
>
>
>
> requireClientAuthScheme
>
>
>
> however, it seems that it is not implemented. I also checked ZK-938 and the
> patch that got in seems to be missing not only the property, but the
> functionality altogether. The comments seem to confirm this interpretation,
> so I just wanted to make sure that my understanding is correct. Anyone?
>
>
>
> -Flavio
>