[ https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15418317#comment-15418317 ]
Rakesh R commented on ZOOKEEPER-1045: ------------------------------------- Thank you [~ekoontz] for your interest in this feature. Please feel free to add your comments/questions. It seems, the patch you are are referring is quite old one. Could you please use the latest patch [ZOOKEEPER-1045-br-3-4.patch|https://issues.apache.org/jira/secure/attachment/12817493/ZOOKEEPER-1045-br-3-4.patch]. {{HOST_RESOLVER-ZK-1045.patch}} is an independent patch, idea is to prepare {{QuorumServer}} kerberos principal by resolving the host address of ZK server to InetAddress.getLocalHost().getCanonicalHostName() and expects principal like {{zkquorum/ho...@example.com}}. This principal will be used by the quorum peer client to talk to quorum peer server during FLE. As you know, one can configure ZK server details as host name or ipaddress or fqdn. I'm planning to integrate this utility function into the main patch once I get a +1 vote for this approach. > Support Quorum Peer mutual authentication via SASL > -------------------------------------------------- > > Key: ZOOKEEPER-1045 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045 > Project: ZooKeeper > Issue Type: New Feature > Components: server > Reporter: Eugene Koontz > Assignee: Rakesh R > Priority: Critical > Fix For: 3.5.3, 3.4.10 > > Attachments: 0001-ZOOKEEPER-1045-br-3-4.patch, > 1045_failing_phunt.tar.gz, HOST_RESOLVER-ZK-1045.patch, > TEST-org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.txt, > ZK-1045-test-case-failure-logs.zip, ZOOKEEPER-1045-00.patch, > ZOOKEEPER-1045-Rolling Upgrade Design Proposal.pdf, > ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, > ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, > ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, > ZOOKEEPER-1045TestValidationDesign.pdf > > > ZOOKEEPER-938 addresses mutual authentication between clients and servers. > This bug, on the other hand, is for authentication among quorum peers. > Hopefully much of the work done on SASL integration with Zookeeper for > ZOOKEEPER-938 can be used as a foundation for this enhancement. -- This message was sent by Atlassian JIRA (v6.3.4#6332)