[
https://issues.apache.org/jira/browse/ZOOKEEPER-896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15412486#comment-15412486
]
Hadoop QA commented on ZOOKEEPER-896:
-------------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12820974/ZOOKEEPER-896.patch
against trunk revision 1755379.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 6 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac
compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3)
warnings.
-1 release audit. The applied patch generated 1 release audit warnings
(more than the trunk's current 0 warnings).
-1 core tests. The patch failed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3336//testReport/
Release audit warnings:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3336//artifact/trunk/patchprocess/patchReleaseAuditProblems.txt
Findbugs warnings:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3336//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3336//console
This message is automatically generated.
> Improve client to support dynamic authentication schemes
> --------------------------------------------------------
>
> Key: ZOOKEEPER-896
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-896
> Project: ZooKeeper
> Issue Type: Improvement
> Components: c client, java client
> Reporter: Botond Hejj
> Assignee: Botond Hejj
> Fix For: 3.5.3, 3.6.0
>
> Attachments: NIOServerCnxn.patch, ZOOKEEPER-896.patch,
> ZOOKEEPER-896.patch, ZOOKEEPER-896.patch, ZOOKEEPER-896.patch,
> ZOOKEEPER-896.patch
>
>
> When we started exploring zookeeper for our requirements we found the
> authentication mechanism is not flexible enough.
> We want to use kerberos for authentication but using the current API we ran
> into a few problems. The idea is that we get a kerberos token on the client
> side and than send that token to the server with a kerberos scheme. A server
> side authentication plugin can use that token to authenticate the client and
> also use the token for authorization.
> We ran into two problems with this approach:
> 1. A different kerberos token is needed for each different server that client
> can connect to since kerberos uses mutual authentication. That means when the
> client acquires this kerberos token it has to know which server it connects
> to and generate the token according to that. The client currently can't
> generate a token for a specific server. The token stored in the auth_info is
> used for all the servers.
> 2. The kerberos token might have an expiry time so if the client loses the
> connection to the server and than it tries to reconnect it should acquire a
> new token. That is not possible currently since the token is stored in
> auth_info and reused for every connection.
> The problem can be solved if we allow the client to register a callback for
> authentication instead a static token. This can be a callback with an
> argument which passes the current host string. The zookeeper client code
> could call this callback before it sends the authentication info to the
> server to get a fresh server specific token.
> This would solve our problem with the kerberos authentication and also could
> be used for other more dynamic authentication schemes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
