[
https://issues.apache.org/jira/browse/BOOKKEEPER-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13655352#comment-13655352
]
Rakesh R commented on BOOKKEEPER-390:
-------------------------------------
Thanks All. I'd like to take this jira forward and attached latest patch, which
tries to define few Auth interfaces.
This is just a draft version to take the discussion ahead, if everyone agrees
will integrate to the actual code with test cases.
- How does it works in Bookkeeper client side
Clients will set the respective AuthenticationScheme in the
ClientConfiguration, now the Bookkeeper client can create the scheme and pass
it to the LedgerManagerFactory, like
{code}
LedgerManagerFactory.initialize(conf, zk, factoryVersion, authScheme);
{code}
here ledgermanager will gets the ACL according to the AuthMode needs and pass
this ACLs to the znode creation time.
- How does it works in Bookie server side
Add new configuration in bk_server.conf
#authenticationSchemeClass=org.apache.bookkeeper.auth.SaslAuthicationScheme
While bookie startup, through reflection will create the scheme and will be
used by the bookie registration, cookie creations.
> Provide support for ZooKeeper authentication
> --------------------------------------------
>
> Key: BOOKKEEPER-390
> URL: https://issues.apache.org/jira/browse/BOOKKEEPER-390
> Project: Bookkeeper
> Issue Type: New Feature
> Components: bookkeeper-client, bookkeeper-server
> Affects Versions: 4.0.0
> Reporter: Rakesh R
> Assignee: Rakesh R
> Attachments: BOOKKEEPER-390-Acl-draftversion.patch,
> BOOKKEEPER-390-Authentication-interfaces-draftversion.patch
>
>
> This JIRA adds support for protecting the state of Bookkeeper znodes on a
> multi-tenant ZooKeeper cluster.
> Use case: When user tries to run a ZK cluster in multitenant mode, where
> more than one client service would like to share a single ZK service instance
> (cluster). In this case the client services typically want to protect their
> data (ZK znodes) from access by other services (tenants) on the cluster. Say
> you are running BK, HBase or ZKFC instances, etc... having
> authentication/authorization on the znodes is important for both security and
> helping to ensure that services don't interact negatively (touch each other's
> data).
> Presently Bookkeeper does not have support for authentication or
> authorization while accessing to ZK. This should be added to the BK
> clients/server that are accessing the ZK cluster. In general it means calling
> addAuthInfo once after a session is established
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
