You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@bookkeeper.apache.org by "Flavio Junqueira (JIRA)" <ji...@apache.org> on 2012/10/24 17:06:12 UTC
[jira] [Comment Edited] (BOOKKEEPER-390) Provide support for
ZooKeeper authentication
[ https://issues.apache.org/jira/browse/BOOKKEEPER-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13483285#comment-13483285 ]
Flavio Junqueira edited comment on BOOKKEEPER-390 at 10/24/12 3:05 PM:
-----------------------------------------------------------------------
I'd like to ask a couple of questions just for my own understanding, it is not (yet) a criticism to this approach:
# When creating a bookkeeper object, we have the option of passing a zookeeper object. What if we require that, in the case of zookeeper authentication enabled, the application creates a zookeeper object before using bookkeeper?
# We are moving towards having a MetaStore interface (BOOKKEEPER-204) so that we can use different backends to store metadata. Should we be looking into implementing a more general approach that fits into the MetaStore interface and enables authentication for anything that supports SASL?
was (Author: fpj):
I'd like to ask a couple of questions just for my own understanding, it is not (yet) a criticism to this approach:
# When creating a bookkeeper object, we have the option of passing a zookeeper object. What if we require that, in the case of zookeeper authentication enabled, the application creates a zookeeper object before using bookkeeper?
# We are moving towards having a MetaStore interface (BOOKKEEPER-204) so that we can use different backends to store metadata. Should we be looking into implementing a more general approach that fits into the MetaStore interface an enables authentication anything that supports SASL?
> Provide support for ZooKeeper authentication
> --------------------------------------------
>
> Key: BOOKKEEPER-390
> URL: https://issues.apache.org/jira/browse/BOOKKEEPER-390
> Project: Bookkeeper
> Issue Type: New Feature
> Components: bookkeeper-client, bookkeeper-server
> Affects Versions: 4.0.0
> Reporter: Rakesh R
> Assignee: Rakesh R
> Attachments: BOOKKEEPER-390-Acl-draftversion.patch
>
>
> This JIRA adds support for protecting the state of Bookkeeper znodes on a multi-tenant ZooKeeper cluster.
> Use case: When user tries to run a ZK cluster in multitenant mode, where more than one client service would like to share a single ZK service instance (cluster). In this case the client services typically want to protect their data (ZK znodes) from access by other services (tenants) on the cluster. Say you are running BK, HBase or ZKFC instances, etc... having authentication/authorization on the znodes is important for both security and helping to ensure that services don't interact negatively (touch each other's data).
> Presently Bookkeeper does not have support for authentication or authorization while accessing to ZK. This should be added to the BK clients/server that are accessing the ZK cluster. In general it means calling addAuthInfo once after a session is established
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira