Hi PMCs, I don't have permission to delete cwiki page. Presently, I have renamed our old sasl page to "https://cwiki.apache.org/confluence/display/ZOOKEEPER/ Zookeeper+and+SASL-Backup". Could you please delete this page from ZooKeeper project cwiki pages. Thanks!
Thanks, Rakesh On Mon, Jan 16, 2017 at 10:31 PM, Rakesh Radhakrishnan <rake...@apache.org> wrote: > Hi All, > > FYI, I'm planning to delete our existing "https://cwiki.apache.org/conf > luence/display/ZOOKEEPER/Zookeeper+and+SASL" web page by tomorrow (IST). > > Then rename https://cwiki.apache.org/confluence/display/ > ZOOKEEPER/ZooKeeper+and+SASL+authentication web page to " > https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL"; > in place of the deleted page. > > Please let me know if you have any comments. Thanks! > > Regards, > Rakesh > > On Tue, Dec 20, 2016 at 6:03 PM, Rakesh Radhakrishnan <rake...@apache.org> > wrote: > >> Like I mentioned at the beginning of this mail thread, presently I've >> maintained this original page as a history. How about deleting this old >> page now and rename the newly added "https://cwiki.apache.org/conf >> luence/display/ZOOKEEPER/ZooKeeper+and+SASL+authentication" in place of >> the old page? I think, that will help the existing webpages to continue >> referring to a valid cwiki ZK sasl page. Otw those links becomes stale. >> >> I could see many blogs, wiki already have a reference link to our >> existing "https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zooke >> eper+and+SASL" page. >> >> Following are few blogs/sites which has a reference to the ZK SASL page:- >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-38%3A+ >> ZooKeeper+Authentication >> http://blog.intelligencecomputing.io/security/12409/repost-z >> ookeeper-and-sasl >> >> Thanks, >> Rakesh >> >> >> On Tue, Dec 20, 2016 at 7:02 AM, Patrick Hunt <ph...@apache.org> wrote: >> >>> LGTM. Those changes are very helpful, thanks Rakesh! >>> >>> Patrick >>> >>> On Mon, Dec 19, 2016 at 12:04 PM, Rakesh Radhakrishnan < >>> rake...@apache.org> >>> wrote: >>> >>> > Thanks a lot Patrick Hunt for the review comments. Please take another >>> look >>> > at the wiki page when you get a chance. >>> > >>> > I've updated the wiki page addressing these,. >>> > >>> > 1) ===> DONE. Added JCE encryption part. >>> > 2) ===> DONE. Corrected case. >>> > 3) ===> DONE. Included version. >>> > 4) ===> DONE. Corrected numbering format. >>> > 5) ===> DONE. Added an example case to understand the tuning mechanism. >>> > 6) ===> DONE. I've removed this part because it can be discussed >>> separately >>> > and added if someone has a use case. >>> > 7) ===> DONE. Rephrased upgrade feature section >>> > >>> > Thanks, >>> > Rakesh >>> > >>> > On Wed, Dec 14, 2016 at 9:03 AM, Patrick Hunt <ph...@apache.org> >>> wrote: >>> > >>> > > Nice job Rakesh, some comments: >>> > > >>> > > 1) the appendix is a great idea, should be useful for many people. >>> One >>> > > thing I noticed >>> > > "There is no additional dependencies needed to use SASL with Java >>> since >>> > it >>> > > is part of the the Java Standard Edition." - you might want to >>> > mention/link >>> > > the JCE? The JVM doesn't come with very modern encryption - some of >>> the >>> > > distros use more strong encryption out of the box with kerberos. >>> I've run >>> > > into this a number of times (need to also install JCE). >>> > > >>> > > 2) consistently use "ZooKeeper" rather than "Zookeeper". Only noticed >>> > this >>> > > in a few places... >>> > > >>> > > 3) on client-server it would be good to mention when it was added >>> > (3.4.0+), >>> > > similar to what you did with 1045. >>> > > >>> > > 4) on "ZooKeeper SASL configurations" the numbering of the bullets >>> starts >>> > > at 2.1. and finishes at 2.4. I suspect the formatting didn't copy >>> over >>> > > quite right? >>> > > >>> > > 5) similar formatting issue for "# Defaulting to >>> > > 20quorum.cnxn.threads.size=20" >>> > > >>> > > Can we give any insight into how this value should be set? i.e. why >>> is 20 >>> > > the default and when should it be raised/lowered? >>> > > >>> > > 6) can the doc shed any light on why we are recommending >>> > > "javax.security.auth.useSubjectCredsOnly=false" ? I'm not familiar >>> with >>> > > this myself. >>> > > >>> > > 7) "This feature is supported in 3.4 branch" is ambiguous - perhaps >>> > > rephrase. What "feature" are you referring to, 1045 or to rolling >>> > upgrade? >>> > > Also the ref to 3.4 itself is ambiguous - perhaps change to 3.4.10+? >>> > > >>> > > These are some minor nits, overall impressive effort -- thanks again >>> > > Rakesh! >>> > > >>> > > Patrick >>> > > >>> > > >>> > > >>> > > On Tue, Dec 13, 2016 at 6:56 PM, Rakesh Radhakrishnan < >>> > rake...@apache.org> >>> > > wrote: >>> > > >>> > > > Hi All, >>> > > > >>> > > > I've incorporated ZK-1045 feature details into the Apache ZooKeeper >>> > > project >>> > > > cwiki. Since "ZooKeeper and SASL" section is quite large I've >>> splitted >>> > > > ZooKeeper client-server and server-server sections into sub-pages. >>> > Please >>> > > > read the following page, >>> > > > >>> > > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ >>> > > ZooKeeper+and+SASL+ >>> > > > authentication >>> > > > >>> > > > *ZooKeeper and SASL authentication* >>> > > > >>> > > > - Client-Server mutual authentication >>> > > > - Server-Server mutual authentication >>> > > > - Appendix: Kerberos, GSSAPI, SASL, and JAAS >>> > > > >>> > > > I have reused the content from the "Client-Server" and "Appendix" >>> > > sections >>> > > > from the existing page >>> > > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ >>> > Zookeeper+and+SASL >>> > > > Presently I've maintained this original page as a history, >>> probably we >>> > > need >>> > > > to delete this page after everyone agrees on the changes. >>> > > > >>> > > > Appreciate your feedback, thanks! >>> > > > >>> > > > Regards, >>> > > > Rakesh >>> > > > >>> > > >>> > >>> >> >> >
