So, in case it's not clear, Deveraj's work doesn't involve ZK. Secure RPC doesn't care about ZK version.You might care about securing ZK with SASL auth if you are also running secure Hadoop (and HBase) -- I would -- but that would be up to you.
Best regards, - Andy Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White) ----- Original Message ----- > From: Andrew Purtell <[email protected]> > To: "[email protected]" <[email protected]> > Cc: > Sent: Thursday, April 19, 2012 9:41 AM > Subject: Re: requiring zookeeper 3.4.x in 0.96 > >> Only at runtime if you run secure hbase. >> St.Ack > > > Correct. > > Additionally there are two levels of HBase security, if you will: > > 1) RPC security: secure RPC engine, Kerberos authentication via SASL, > optional > wire encryption via SASL > > > 2) Coprocessor based access control at the HBase column family level > > You can opt for none, or #1 and not need to run ZK 3.4.x. > > Only if you opt for #1 and #2 (#2 requires #1), then you are strongly > recommended to run ZK 3.4.x. > Best regards, > > > - Andy > > > Problems worthy of attack prove their worth by hitting back. - Piet Hein (via > Tom White) > > > > ----- Original Message ----- >> From: Stack <[email protected]> >> To: [email protected] >> Cc: >> Sent: Thursday, April 19, 2012 6:46 AM >> Subject: Re: requiring zookeeper 3.4.x in 0.96 >> >> On Wed, Apr 18, 2012 at 3:44 PM, Ted Yu <[email protected]> wrote: >>> I want to mention the work Devaraj D is doing in HBASE-5732: merging > the >>> secure RPC engine. >>> >>> I think the implication of that work is zookeeper 3.4.x would be > required >>> for 0.96 >>> >> >> Only at runtime if you run secure hbase. >> St.Ack >> >
