[jira] [Updated] (ZOOKEEPER-938) Support Kerberos authentication of clients.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Benjamin Reed updated ZOOKEEPER-938: Hadoop Flags: [Reviewed] Support Kerberos authentication of clients. --- Key: ZOOKEEPER-938 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-938 Project: ZooKeeper Issue Type: New Feature Components: java client, server Reporter: Eugene Koontz Assignee: Eugene Koontz Fix For: 3.4.0, 3.5.0 Attachments: NIOServerCnxn.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, jaas.conf, sasl.patch Support Kerberos authentication of clients. The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients. 1. Admin logs into zookeeper (not necessarily through Kerberos however). 2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this. 3. Admin does: zk create /mynode content sasl:zkcli...@foofers.org:cdrwa 4. User 'zkclient' logins to kerberos using the command line utility 'kinit'. 5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain). 6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'. 7. User accesses /mynode with permissions 'cdrwa'. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-938) Support Kerberos authentication of clients.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eugene Koontz updated ZOOKEEPER-938: Attachment: ZOOKEEPER-938.patch -fix FindBugs warning related to constructor starting a thread. -don't throw IllegalArgumentException if /etc/krb5.conf not found (such as on Apache's Jenkins server). Support Kerberos authentication of clients. --- Key: ZOOKEEPER-938 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-938 Project: ZooKeeper Issue Type: New Feature Components: java client, server Reporter: Eugene Koontz Assignee: Eugene Koontz Fix For: 3.4.0, 3.5.0 Attachments: NIOServerCnxn.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, jaas.conf, sasl.patch Support Kerberos authentication of clients. The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients. 1. Admin logs into zookeeper (not necessarily through Kerberos however). 2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this. 3. Admin does: zk create /mynode content sasl:zkcli...@foofers.org:cdrwa 4. User 'zkclient' logins to kerberos using the command line utility 'kinit'. 5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain). 6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'. 7. User accesses /mynode with permissions 'cdrwa'. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-938) Support Kerberos authentication of clients.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eugene Koontz updated ZOOKEEPER-938: Attachment: ZOOKEEPER-938.patch Address Benjamin Reed's feedback: -Remove OpCode.sasl from Request.java since it's not needed there. -in ZooKeeperServer, move SASL-related server-side code into separate method processSasl() Support Kerberos authentication of clients. --- Key: ZOOKEEPER-938 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-938 Project: ZooKeeper Issue Type: New Feature Components: java client, server Reporter: Eugene Koontz Assignee: Eugene Koontz Fix For: 3.4.0, 3.5.0 Attachments: NIOServerCnxn.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, jaas.conf, sasl.patch Support Kerberos authentication of clients. The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients. 1. Admin logs into zookeeper (not necessarily through Kerberos however). 2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this. 3. Admin does: zk create /mynode content sasl:zkcli...@foofers.org:cdrwa 4. User 'zkclient' logins to kerberos using the command line utility 'kinit'. 5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain). 6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'. 7. User accesses /mynode with permissions 'cdrwa'. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-938) Support Kerberos authentication of clients.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eugene Koontz updated ZOOKEEPER-938: Attachment: ZOOKEEPER-938.patch fix 2 findbugs warnings introduced in last patch. Support Kerberos authentication of clients. --- Key: ZOOKEEPER-938 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-938 Project: ZooKeeper Issue Type: New Feature Components: java client, server Reporter: Eugene Koontz Assignee: Eugene Koontz Fix For: 3.4.0, 3.5.0 Attachments: NIOServerCnxn.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, jaas.conf, sasl.patch Support Kerberos authentication of clients. The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients. 1. Admin logs into zookeeper (not necessarily through Kerberos however). 2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this. 3. Admin does: zk create /mynode content sasl:zkcli...@foofers.org:cdrwa 4. User 'zkclient' logins to kerberos using the command line utility 'kinit'. 5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain). 6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'. 7. User accesses /mynode with permissions 'cdrwa'. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-938) Support Kerberos authentication of clients.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eugene Koontz updated ZOOKEEPER-938: Attachment: ZOOKEEPER-938.patch Create new classes: ZooKeeperSaslServer and ZooKeeperSaslClient to better encapsulate SASL-related functionality (for client and server respectively). Thanks to Benjamin Reed for his review at the Zookeeper Dev Meeting last week. Support Kerberos authentication of clients. --- Key: ZOOKEEPER-938 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-938 Project: ZooKeeper Issue Type: New Feature Components: java client, server Reporter: Eugene Koontz Assignee: Eugene Koontz Fix For: 3.4.0, 3.5.0 Attachments: NIOServerCnxn.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, jaas.conf, sasl.patch Support Kerberos authentication of clients. The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients. 1. Admin logs into zookeeper (not necessarily through Kerberos however). 2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this. 3. Admin does: zk create /mynode content sasl:zkcli...@foofers.org:cdrwa 4. User 'zkclient' logins to kerberos using the command line utility 'kinit'. 5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain). 6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'. 7. User accesses /mynode with permissions 'cdrwa'. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-938) Support Kerberos authentication of clients.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eugene Koontz updated ZOOKEEPER-938: Attachment: ZOOKEEPER-938.patch --no-prefix Support Kerberos authentication of clients. --- Key: ZOOKEEPER-938 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-938 Project: ZooKeeper Issue Type: New Feature Components: java client, server Reporter: Eugene Koontz Assignee: Eugene Koontz Fix For: 3.4.0, 3.5.0 Attachments: NIOServerCnxn.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, jaas.conf, sasl.patch Support Kerberos authentication of clients. The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients. 1. Admin logs into zookeeper (not necessarily through Kerberos however). 2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this. 3. Admin does: zk create /mynode content sasl:zkcli...@foofers.org:cdrwa 4. User 'zkclient' logins to kerberos using the command line utility 'kinit'. 5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain). 6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'. 7. User accesses /mynode with permissions 'cdrwa'. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-938) Support Kerberos authentication of clients.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eugene Koontz updated ZOOKEEPER-938: Attachment: ZOOKEEPER-938.patch Support Kerberos authentication of clients. --- Key: ZOOKEEPER-938 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-938 Project: ZooKeeper Issue Type: New Feature Components: java client, server Reporter: Eugene Koontz Assignee: Eugene Koontz Fix For: 3.4.0, 3.5.0 Attachments: NIOServerCnxn.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, jaas.conf, sasl.patch Support Kerberos authentication of clients. The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients. 1. Admin logs into zookeeper (not necessarily through Kerberos however). 2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this. 3. Admin does: zk create /mynode content sasl:zkcli...@foofers.org:cdrwa 4. User 'zkclient' logins to kerberos using the command line utility 'kinit'. 5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain). 6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'. 7. User accesses /mynode with permissions 'cdrwa'. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-938) Support Kerberos authentication of clients.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eugene Koontz updated ZOOKEEPER-938: Attachment: ZOOKEEPER-938.patch Support Kerberos authentication of clients. --- Key: ZOOKEEPER-938 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-938 Project: ZooKeeper Issue Type: New Feature Components: java client, server Reporter: Eugene Koontz Assignee: Eugene Koontz Fix For: 3.4.0, 3.5.0 Attachments: NIOServerCnxn.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, jaas.conf, sasl.patch Support Kerberos authentication of clients. The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients. 1. Admin logs into zookeeper (not necessarily through Kerberos however). 2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this. 3. Admin does: zk create /mynode content sasl:zkcli...@foofers.org:cdrwa 4. User 'zkclient' logins to kerberos using the command line utility 'kinit'. 5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain). 6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'. 7. User accesses /mynode with permissions 'cdrwa'. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-938) Support Kerberos authentication of clients.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eugene Koontz updated ZOOKEEPER-938: Attachment: ZOOKEEPER-938.patch Support Kerberos authentication of clients. --- Key: ZOOKEEPER-938 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-938 Project: ZooKeeper Issue Type: New Feature Components: java client, server Reporter: Eugene Koontz Assignee: Eugene Koontz Fix For: 3.4.0, 3.5.0 Attachments: NIOServerCnxn.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, jaas.conf, sasl.patch Support Kerberos authentication of clients. The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients. 1. Admin logs into zookeeper (not necessarily through Kerberos however). 2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this. 3. Admin does: zk create /mynode content sasl:zkcli...@foofers.org:cdrwa 4. User 'zkclient' logins to kerberos using the command line utility 'kinit'. 5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain). 6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'. 7. User accesses /mynode with permissions 'cdrwa'. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-938) Support Kerberos authentication of clients.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eugene Koontz updated ZOOKEEPER-938: Attachment: (was: ZOOKEEPER-938.patch) Support Kerberos authentication of clients. --- Key: ZOOKEEPER-938 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-938 Project: ZooKeeper Issue Type: New Feature Components: java client, server Reporter: Eugene Koontz Assignee: Eugene Koontz Fix For: 3.4.0, 3.5.0 Attachments: NIOServerCnxn.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, jaas.conf, sasl.patch Support Kerberos authentication of clients. The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients. 1. Admin logs into zookeeper (not necessarily through Kerberos however). 2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this. 3. Admin does: zk create /mynode content sasl:zkcli...@foofers.org:cdrwa 4. User 'zkclient' logins to kerberos using the command line utility 'kinit'. 5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain). 6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'. 7. User accesses /mynode with permissions 'cdrwa'. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (ZOOKEEPER-938) Support Kerberos authentication of clients.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mahadev konar updated ZOOKEEPER-938: Summary: Support Kerberos authentication of clients. (was: r) Support Kerberos authentication of clients. --- Key: ZOOKEEPER-938 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-938 Project: ZooKeeper Issue Type: New Feature Components: java client, server Reporter: Eugene Koontz Assignee: Eugene Koontz Fix For: 3.4.0 Attachments: NIOServerCnxn.patch, ZOOKEEPER-938.patch, ZOOKEEPER-938.patch, jaas.conf, sasl.patch Support Kerberos authentication of clients. The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients. 1. Admin logs into zookeeper (not necessarily through Kerberos however). 2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this. 3. Admin does: zk create /mynode content sasl:zkcli...@foofers.org:cdrwa 4. User 'zkclient' logins to kerberos using the command line utility 'kinit'. 5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain). 6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'. 7. User accesses /mynode with permissions 'cdrwa'. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
