[jira] [Commented] (ZOOKEEPER-1045) Support Quorum Peer mutual authentication via SASL

Thu, 11 Aug 2016 20:45:46 -0700 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15418317#comment-15418317
 ] 

Rakesh R commented on ZOOKEEPER-1045:
-------------------------------------

Thank you [~ekoontz] for your interest in this feature. Please feel free to add 
your comments/questions.

It seems, the patch you are are referring is quite old one. Could you please 
use the latest patch 
[ZOOKEEPER-1045-br-3-4.patch|https://issues.apache.org/jira/secure/attachment/12817493/ZOOKEEPER-1045-br-3-4.patch].
 

{{HOST_RESOLVER-ZK-1045.patch}} is an independent patch, idea is to prepare 
{{QuorumServer}} kerberos principal by resolving the host address of ZK server 
to InetAddress.getLocalHost().getCanonicalHostName() and expects principal like 
{{zkquorum/ho...@example.com}}. This principal will be used by the quorum peer 
client to talk to quorum peer server during FLE. As you know, one can configure 
ZK server details as host name or ipaddress or fqdn. I'm planning to integrate 
this utility function into the main patch once I get a +1 vote for this 
approach.

> Support Quorum Peer mutual authentication via SASL
> --------------------------------------------------
>
>                 Key: ZOOKEEPER-1045
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Eugene Koontz
>            Assignee: Rakesh R
>            Priority: Critical
>             Fix For: 3.5.3, 3.4.10
>
>         Attachments: 0001-ZOOKEEPER-1045-br-3-4.patch, 
> 1045_failing_phunt.tar.gz, HOST_RESOLVER-ZK-1045.patch, 
> TEST-org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.txt, 
> ZK-1045-test-case-failure-logs.zip, ZOOKEEPER-1045-00.patch, 
> ZOOKEEPER-1045-Rolling Upgrade Design Proposal.pdf, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045TestValidationDesign.pdf
>
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers. 
> This bug, on the other hand, is for authentication among quorum peers. 
> Hopefully much of the work done on SASL integration with Zookeeper for 
> ZOOKEEPER-938 can be used as a foundation for this enhancement.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to