[jira] [Commented] (BOOKKEEPER-390) Provide support for ZooKeeper authentication

Thu, 08 Sep 2016 00:37:16 -0700 

    [ 
https://issues.apache.org/jira/browse/BOOKKEEPER-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15473101#comment-15473101
 ] 

Enrico Olivelli commented on BOOKKEEPER-390:
--------------------------------------------

I'm very interested in this topic, my need is to set an ACL to every zk node 
managed by zookeeper in order to protect bookkeper metadata from malicious 
"bookies", 
that is an attacker whats to register a malicious bookie and intercept private 
data coming from clients, or override bookie metadata in order to intercept 
client calls for existing ledgers

maybe we can consider to address this issue for 4.6.0 (that is a soon as 
possible after 4.5.0) ?

It the 4.5.0 takes too longtime I can work on a simple patch just to address 
this simple usecase for 4.5.0


> Provide support for ZooKeeper authentication
> --------------------------------------------
>
>                 Key: BOOKKEEPER-390
>                 URL: https://issues.apache.org/jira/browse/BOOKKEEPER-390
>             Project: Bookkeeper
>          Issue Type: New Feature
>          Components: bookkeeper-client, bookkeeper-server
>    Affects Versions: 4.0.0
>            Reporter: Rakesh R
>            Assignee: Rakesh R
>         Attachments: BOOKKEEPER-390-Acl-draftversion.patch, 
> BOOKKEEPER-390-Authentication-interfaces-draftversion.patch
>
>
> This JIRA adds support for protecting the state of Bookkeeper znodes on a 
> multi-tenant ZooKeeper cluster.
> Use case: When user tries to run a ZK cluster in multitenant mode,  where 
> more than one client service would like to share a single ZK service instance 
> (cluster). In this case the client services typically want to protect their 
> data (ZK znodes) from access by other services (tenants) on the cluster. Say 
> you are running BK, HBase or ZKFC instances, etc... having 
> authentication/authorization on the znodes is important for both security and 
> helping to ensure that services don't interact negatively (touch each other's 
> data).
> Presently Bookkeeper does not have support for authentication or 
> authorization while accessing to ZK. This should be added to the BK 
> clients/server that are accessing the ZK cluster. In general it means calling 
> addAuthInfo once after a session is established



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to