You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@zookeeper.apache.org by Leonard Kramer <le...@googlemail.com> on 2013/12/17 18:55:05 UTC
Deprecated AuthFastLeaderElection
Hello everybody,
I want to deploy a zookeeper-ensemble in a non-secure environment where
every instance is connected over non-seucre channels. So far I've
successfully added TLS-support to the inter-server communication.
My naive approch for upgrading the leader-communication to secure
tls-sockets fails and is also unacceptable slow.
My next guess was using the "AuthFastLeaderElection", but I can't find any
information why this class is deprecated.
So I have basically two questions:
1. Why is AuthFastLeaderElection deprecated?
2. Are there currently any alternatives for securing the LeaderElection? My
basic requirements are integrity and authencity not necessarily encryption.
Has somebody successfully secured the leaderelection by using tools like
stunnel?
Thanks and happy holidays
Leo
RE: Deprecated AuthFastLeaderElection
Posted by Flavio Junqueira <fp...@yahoo.com>.
Hi Leo,
AuthFLE implements a simple challenge-response protocol and if I remember
correctly it uses UDP. We haven't been maintaining that LE implementation
because no one at the time seemed interested in having that implementation
of leader election and making sure that all flavors work is a pain, that's
why it is deprecated.
Are you convinced that it does what you need or you're just exploring at
this point? I'm not aware of folks securing leader election communication,
but that doesn't mean no one is doing it.
-Flavio
-----Original Message-----
From: Leonard Kramer [mailto:leonard.alexander.kramer@googlemail.com]
Sent: Tuesday, December 17, 2013 5:55 PM
To: user@zookeeper.apache.org
Subject: Deprecated AuthFastLeaderElection
Hello everybody,
I want to deploy a zookeeper-ensemble in a non-secure environment where
every instance is connected over non-seucre channels. So far I've
successfully added TLS-support to the inter-server communication.
My naive approch for upgrading the leader-communication to secure
tls-sockets fails and is also unacceptable slow.
My next guess was using the "AuthFastLeaderElection", but I can't find any
information why this class is deprecated.
So I have basically two questions:
1. Why is AuthFastLeaderElection deprecated?
2. Are there currently any alternatives for securing the LeaderElection? My
basic requirements are integrity and authencity not necessarily encryption.
Has somebody successfully secured the leaderelection by using tools like
stunnel?
Thanks and happy holidays
Leo