You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Mohammad Arshad (Jira)" <ji...@apache.org> on 2019/09/25 16:00:00 UTC

[jira] [Created] (ZOOKEEPER-3558) Support authentication enforcement

Mohammad Arshad created ZOOKEEPER-3558:
------------------------------------------

             Summary: Support authentication enforcement
                 Key: ZOOKEEPER-3558
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3558
             Project: ZooKeeper
          Issue Type: New Feature
            Reporter: Mohammad Arshad
            Assignee: Mohammad Arshad
             Fix For: 3.5.7


Provide authentication enforcement in ZooKeeper that is backward compatible and can work for any authentication scheme, can work even with custom authentication schemes.

*Problems:*
1. Currently server is starting with default authentication providers(DigestAuthenticationProvider, IPAuthenticationProvider). These default authentication providers are not really secure.
2. ZooKeeper server is not checking whether authentication is done or not before performing any user operation.

*Solutions:*
1. We should not start any authentication provider by default. But this would be backward incompatible change. So we can provide configuration whether to start default authentication provides are not.
By default we can start these authentication providers.
2. Before any user operation server should check whether authentication happened or not. At least client must be authenticated with one authentication scheme.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)