Re: november 17 zk meetup (additional registration info required)
Will it be possible to share the presentations? On Wednesday, November 16, 2016, 12:04:45 PM PST, Benjamin Reed wrote:that is the plan. we will put a bluejeans link on the event page. infortunately, you'll miss out on the awesome food and swag :( On Wed, Nov 16, 2016 at 11:51 AM, Ibrahim El-sanosi (PGR) wrote: > Can we watch the event remotely? > > Sanosi > > -Original Message- > From: Benjamin Reed [mailto:br...@apache.org] > Sent: 16 November 2016 19:07 > To: user@zookeeper.apache.org; DevZooKeeper > Subject: november 17 zk meetup (additional registration info required) > > sorry for the late notice, but we have found out from security that we will > need an email and phone number to get you in without the usual visitor NDA. > if you are coming, please send an email to acon...@fb.com with that > information by tonight. > > if you forget to do this or decide to come at the last minute, you can still > attend, you will just need to sign the normal visitor NDA. > > also, please be sure to bring a photo id. > > hope to see you there! > ben > > ps. the event info is at https://www.facebook.com/events/1228722650504268/
Re: Multiple credentials associated with same principal?
Hello Patrick, Thanks for reply! That feature would be appreciated, but it's not what I had in mind, it would not be sufficient. I need a way to change credentials without ZK client or cluster downtime, ideally with no ACL changes. Option of configuring two valid passwords for same user would help - then I could along with old password configure new one, roll ZK cluster with new settings, and then gradually roll out new credentials to all different clients, later remove old expired password. In one ZK client app, both zkclient and curator client libraries are being used to access two different ZK subtrees. I managed to configure each client to set ACLs appropriate for each subtree, but I couldn't find way yet to configure each client with different user, with sasl scheme. So had to fallback to single user. Still ACLs are different in the two subtrees. One subtree allows world to read, and creator all permissions. Other subtree just allows creator all permissions. It would help with credentials expiration if I could instead of (creator, all permissions) ACLs, set (any authenticated user, all permissions) ACL, while still keeping ACL for first subtree that world can read it. If it was possible, I'd expire not only password but replace it with new user, and no changes to ACLs would be needed. Thinking again, even if it was possible to set such ACL (any authenticated user, all permissions) in ZK nodes, it wouldn't help me now, since I cannot configure it to all clients managing nodes in subtree, some have ACLs that they set hardcoded, would have to fork large OSS project which is not really an option, and making ACL configurable in that OSS project would take some time. Kind regards, Stevo Slavic. On Thu, Feb 2, 2017 at 4:39 PM, Patrick Hunt wrote: Hi Stevo, you might be talking about one of the following variants? (see the jiras linked to from this jira) https://issues.apache.org/jira/browse/ZOOKEEPER-1634 Patrick On Thu, Feb 2, 2017 at 4:38 AM, Stevo Slavić wrote: > Alternatively, is it possible to set ACL that would grant given permissions > to any successfully authenticated user? > > On Wed, Feb 1, 2017 at 1:16 PM, Stevo Slavić wrote: > > > Hello Apache ZooKeeper community, > > > > Is it valid in JAAS config file to associate more than one password per > > user, and if so, will ZooKeeper server authenticate user correctly if > > provided password matches any of the configured ones? > > > > Kind regards, > > Stevo Slavic. > > >
Re: Multiple credentials associated with same principal?
Hi Stevo, you might be talking about one of the following variants? (see the jiras linked to from this jira) https://issues.apache.org/jira/browse/ZOOKEEPER-1634 Patrick On Thu, Feb 2, 2017 at 4:38 AM, Stevo Slavić wrote: > Alternatively, is it possible to set ACL that would grant given permissions > to any successfully authenticated user? > > On Wed, Feb 1, 2017 at 1:16 PM, Stevo Slavić wrote: > > > Hello Apache ZooKeeper community, > > > > Is it valid in JAAS config file to associate more than one password per > > user, and if so, will ZooKeeper server authenticate user correctly if > > provided password matches any of the configured ones? > > > > Kind regards, > > Stevo Slavic. > > >
Re: CHANGES.txt?
+1 for removing the CHANGE.txt file. I agree to rely on source control (github) revision logs instead of CHANGE.txt moving forward. Note: Jira issue ZOOKEEPER-2672 will be used to remove this file. Thanks, Rakesh On Sat, Dec 17, 2016 at 3:59 AM, Michael Han wrote: > See https://www.mail-archive.com/dev@zookeeper.apache.org/msg37108.html > > I think there was no decision explicitly made but looks like every one was > OK to head towards the direction of removing CHANGE.TXT. > > On Fri, Dec 16, 2016 at 3:14 AM, Flavio Junqueira wrote: > > > Could anyone remind me of what we decided for CHANGES.txt? Are we > supposed > > to add resolved jiras to it or are we going to rely on the git log? > > > > I have committed ZK-761 to master without the change to CHANGES.txt, but > > then I noticed that some commits are going in with it, so I did it to the > > 3.5 branch. I want to know if I need to make it consistent or not. > > > > -Flavio > > > > > -- > Cheers > Michael. >
Re: Multiple credentials associated with same principal?
Alternatively, is it possible to set ACL that would grant given permissions to any successfully authenticated user? On Wed, Feb 1, 2017 at 1:16 PM, Stevo Slavić wrote: > Hello Apache ZooKeeper community, > > Is it valid in JAAS config file to associate more than one password per > user, and if so, will ZooKeeper server authenticate user correctly if > provided password matches any of the configured ones? > > Kind regards, > Stevo Slavic. >