Dmitrii. That approach sounds reasonable. Would you like to work on this? Are you looking for a reviewer/shepherd?
On Thu, Dec 6, 2018 at 11:28 AM Kishchukov, Dmitrii (NIH/NLM/NCBI) [C] < dmitrii.kishchu...@nih.gov> wrote: > Mesos allow using only digest authentication scheme for Zookeeper. Which > is bad because Zookeeper has quite a flexible security model. > It is easy to make you own authenticator with its own scheme name. > > To support fully Zookeeper authentication, Mesos has pass two items into > Zookeeper: > scheme and credentials. > credentials can have different format depending on authentication scheme. > For digest scheme it is ‘login:password’ > > All Mesos should do just pass scheme and credentials to Zookeeper. > > Another improvement might be be to configure credentials via file instead > of URI > > For example it can be two command line options: > --zk_auth_scheme and –zk_auth_credentials > > It can be used like this: > --zk_auth_scheme=some_custome_scheme –zk_auth_credentials=filename > > --zk_auth_credentials can just get all contents of the file as credentials > string. > > Class Authentication in Mesos already contains all that we need. The > problem is what Mesos pass to the constructor. > > > -- > > Dmitrii Kishchukov. > >
