(zookeeper) branch master updated: ZOOKEEPER-4889: Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode - doc change (ADDENDUM)

Tue, 26 Nov 2024 07:55:14 -0800 

This is an automated email from the ASF dual-hosted git repository.

andor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new 2ac76016e ZOOKEEPER-4889: Fallback to DIGEST-MD5 auth mech should be 
disabled in Fips mode - doc change (ADDENDUM)
2ac76016e is described below

commit 2ac76016ecb229b1057a9e3e0a15806a5b57057f
Author: Andor Molnár <[email protected]>
AuthorDate: Tue Nov 26 09:54:18 2024 -0600

    ZOOKEEPER-4889: Fallback to DIGEST-MD5 auth mech should be disabled in Fips 
mode - doc change (ADDENDUM)
    
    Reviewers: kezhuw, symat
    Author: anmolnar
    Closes #2214 from anmolnar/ZOOKEEPER-4889_doc
---
 zookeeper-docs/src/main/resources/markdown/zookeeperAdmin.md | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/zookeeper-docs/src/main/resources/markdown/zookeeperAdmin.md 
b/zookeeper-docs/src/main/resources/markdown/zookeeperAdmin.md
index 562d067d5..5f42bea59 100644
--- a/zookeeper-docs/src/main/resources/markdown/zookeeperAdmin.md
+++ b/zookeeper-docs/src/main/resources/markdown/zookeeperAdmin.md
@@ -1866,10 +1866,14 @@ and [SASL authentication for 
ZooKeeper](https://cwiki.apache.org/confluence/disp
 * *fips-mode* :
     (Java system property: **zookeeper.fips-mode**)
     **New in 3.8.2:**
-    Enable FIPS compatibility mode in ZooKeeper. If enabled, the custom trust 
manager (`ZKTrustManager`) that is used for 
-    hostname verification will be disabled in order to comply with FIPS 
requirements. As a consequence, hostname verification is not
-    available in the Quorum protocol, but still can be set in client-server 
communication. Default: **true** (3.9.0+), 
-    **false** (3.8.x)
+    Enable FIPS compatibility mode in ZooKeeper. If enabled, the following 
things will be changed in order to comply 
+    with FIPS requirements:
+    * Custom trust manager (`ZKTrustManager`) that is used for hostname 
verification will be disabled. As a consequence, 
+      hostname verification is not available in the Quorum protocol, but still 
can be set in client-server communication. 
+    * DIGEST-MD5 Sasl auth mechanism will be disabled in Quorum and ZooKeeper 
Sasl clients. Only GSSAPI (Kerberos)
+      can be used.
+    
+    Default: **true** (3.9.0+), **false** (3.8.x)
 
 <a name="Experimental+Options%2FFeatures"></a>

Reply via email to