Posted to dev@kafka.apache.org by "Parth Brahmbhatt (JIRA)" <ji...@apache.org> on 2015/07/11 01:24:05 UTC

[jira] [Commented] (KAFKA-1695) Authenticate connection to Zookeeper

    [ https://issues.apache.org/jira/browse/KAFKA-1695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14623053#comment-14623053 ] 

Parth Brahmbhatt commented on KAFKA-1695:
-----------------------------------------

[~gwenshap] I have upgraded zkClient to 0.5; however, for existing clusters trying to move to security, the changes in 0.5 were not enough. I submitted a patch to zkClient to set and get ACLs for existing paths, and it has been committed to the trunk: https://github.com/sgroschupf/zkclient/commit/c5d1dd2373eab343d606a0797d58664c0ee4781d

ZkClient has not yet released a new version with that change, so we will probably have to wait for the next release, but once that is done, [~gwenshap], if you don't mind, I would like to take over this JIRA. I have already implemented setting ACLs and authentication to ZooKeeper as part of the authorizer work.

> Authenticate connection to Zookeeper
> ------------------------------------
>
>                 Key: KAFKA-1695
>                 URL: https://issues.apache.org/jira/browse/KAFKA-1695
>             Project: Kafka
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Jay Kreps
>            Assignee: Gwen Shapira
>
> We need to make it possible to secure the Zookeeper cluster Kafka is using. This would make use of the normal authentication ZooKeeper provides. ZooKeeper supports a variety of authentication mechanisms so we will need to figure out what has to be passed in to the zookeeper client.
> The intention is that when the current round of client work is done, it should be possible to run without clients needing access to ZooKeeper, so all we need here is to make it so that only the Kafka cluster is able to read and write to the Kafka znodes (we shouldn't need to set any kind of ACL on a per-znode basis).


