[jira] Commented: (ZOOKEEPER-938) support Kerberos Authentication

Fri, 04 Feb 2011 18:33:55 -0800 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12990884#comment-12990884
 ] 

Hadoop QA commented on ZOOKEEPER-938:
-------------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12470334/ZOOKEEPER-938.patch
  against trunk revision 1062244.

    +1 @author.  The patch does not contain any @author tags.

    -1 tests included.  The patch doesn't appear to include any new or modified 
tests.
                        Please justify why no new tests are needed for this 
patch.
                        Also please list what manual steps were performed to 
verify this patch.

    -1 patch.  The patch command could not apply the patch.

Console output: 
https://hudson.apache.org/hudson/job/PreCommit-ZOOKEEPER-Build/119//console

This message is automatically generated.

> support Kerberos Authentication
> -------------------------------
>
>                 Key: ZOOKEEPER-938
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-938
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Eugene Koontz
>            Assignee: Eugene Koontz
>             Fix For: 3.4.0
>
>         Attachments: NIOServerCnxn.patch, ZOOKEEPER-938.patch, jaas.conf, 
> sasl.patch
>
>
> Support Keberos authentication of clients. 
> The following usage would let an admin use Kerberos authentication to assign 
> ACLs to authenticated clients.
> 1. Admin logs into zookeeper (not necessarily through Kerberos however). 
> 2. Admin decides that a new node called '/mynode' should be owned by the user 
> 'zkclient' and have full permissions on this.
> 3. Admin does: zk> create /mynode content kerb:[email protected]:x:cdrwa
> (note: for now, the dummy ':x' is a placeholder for the password, and is 
> required by the zk command parser. The user's actual password is not stored 
> within Zookeeper; simply put 'x' there.)
> 4. User 'zkclient' logins to kerberos using the command line utility 'kinit'.
> 5. User connects to zookeeper server using a Kerberos-enabled version of 
> zkClient (ZookeeperMain).
> 6. Behind the scenes, the client and server exchange authentication 
> information. User is now authenticated as 'zkclient'.
> 7. User accesses /mynode with permissions 'cdrwa'.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to