Mohammad Arshad created ZOOKEEPER-3558:
------------------------------------------
Summary: Support authentication enforcement
Key: ZOOKEEPER-3558
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3558
Project: ZooKeeper
Issue Type: New Feature
Reporter: Mohammad Arshad
Assignee: Mohammad Arshad
Fix For: 3.5.7
Provide authentication enforcement in ZooKeeper that is backward compatible and
can work for any authentication scheme, even with custom authentication
schemes.
*Problems:*
1. Currently the server starts with default authentication
providers (DigestAuthenticationProvider, IPAuthenticationProvider). These
default authentication providers are not really secure.
2. The ZooKeeper server does not check whether authentication is done or not
before performing any user operation.
*Solutions:*
1. We should not start any authentication provider by default. But this would
be a backward-incompatible change. So we can provide a configuration for whether
to start the default authentication providers or not.
By default we can start these authentication providers.
2. Before any user operation, the server should check whether authentication
happened or not. The client must be authenticated with at least one
authentication scheme.
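An added example, not part of the original issue and not ZooKeeper's code: a small Python model of the two proposed changes (a switch for the default providers, and a check before each user operation). All names are hypothetical; it assumes the server attaches an `ip` identity to every connection without any credential, so that identity is not counted as authentication, and that session setup and auth requests are exempt from the check.

```python
from dataclasses import dataclass, field

# Hypothetical names throughout: this models the proposal, not ZooKeeper's code.
IMPLICIT_SCHEMES = {"ip"}  # assumed: attached to a connection without a credential
# Assumed exemptions: requests a client needs in order to connect and authenticate.
EXEMPT_OPS = {"createSession", "auth", "sasl", "ping", "closeSession"}


@dataclass
class ServerConfig:
    start_default_providers: bool = True  # proposed default, keeps old behaviour
    enforce_auth: bool = False            # off unless the operator opts in
    custom_schemes: frozenset = frozenset()

    def providers(self):
        defaults = {"digest", "ip"} if self.start_default_providers else set()
        return defaults | set(self.custom_schemes)


@dataclass
class Session:
    auth_ids: list = field(default_factory=list)  # (scheme, id) pairs

    def add_auth(self, cfg, scheme, ident):
        # An auth request for a scheme with no running provider is rejected.
        if scheme not in cfg.providers():
            raise ValueError(f"no provider for scheme {scheme!r}")
        self.auth_ids.append((scheme, ident))


def is_authenticated(cfg, session):
    """True if at least one identity comes from a running, credential-based scheme."""
    usable = cfg.providers() - IMPLICIT_SCHEMES
    return any(scheme in usable for scheme, _ in session.auth_ids)


def check_request(cfg, session, op):
    """Return 'OK' or 'AUTH_REQUIRED' for one request, before it is processed."""
    if not cfg.enforce_auth or op in EXEMPT_OPS:
        return "OK"
    return "OK" if is_authenticated(cfg, session) else "AUTH_REQUIRED"
```

If the implicit `ip` identity were counted, every connected client would pass the "at least one scheme" check and enforcement would have no effect.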