Hi, OK. 3.5.x are still alpha or being beta version, when will the formal stable version release, can you foresee? Thanks.
BRs/Faxin -----Original Message----- From: Michael Han [mailto:[email protected]] Sent: den 15 december 2016 19:48 To: UserZooKeeper <[email protected]> Subject: Re: security >> is there any plan to support SSL There is ZOOKEEPER-1000 <https://issues.apache.org/jira/browse/ZOOKEEPER-1000>, but no one is actively pushing this. >> Does zookeeper provide KDC HA as off-shelf support? HA of KDC is not part of ZooKeeper's responsibility. KDC has its own HA solutions (i.e. through master slave replication). The test report is a record of what's done for the purpose of testing, and is not a reference for a product deployment. On Thu, Dec 15, 2016 at 2:34 AM, FaXin Zhong <[email protected]> wrote: > Hi, > > Many thanks for the info. For the server-server communication, is > there any plan to support SSL as well? We better have one security > approach for client and server. > > The test report mentions installing the KDC on sever 1, how to secure > the KDC HA? Does zookeeper provide KDC HA as off-shelf support? > > BRs/Faxin > > -----Original Message----- > From: Rakesh Radhakrishnan [mailto:[email protected]] > Sent: den 14 december 2016 14:24 > To: [email protected] > Subject: Re: security > > Hi, > > Adding one more point to the above. Please refer the test report here, > https://goo.gl/qNR45M > > Both the issues mentioned in the report has been discussed. > Problem-1) This has been taken care and corrected the document > Problem-2) This is a deployment mistake. Please go through the > analysis section and has to be taken care during deployment. > > Thanks, > Rakesh > > On Wed, Dec 14, 2016 at 6:41 PM, Rakesh Radhakrishnan > <[email protected]> > wrote: > > > 1 => AFAIK, there are many companies adopted 3.5.x latest alpha > > version and no major issues reported so far. I hope beta release > > will be out soon at the first quarter of next year if there is no > > blockers/critical issues by anyone. IIUC, 3.5.3 release discussion > > is in progress. Probably, you can do a trial run and start > > analyzing/understanding the changes in 3.5.x latest version > (3.5.2-alpha) for smooth adoption to your eco system. > > > > 2 => Thanks for the interest on this feature. This work has been > > committed into the branch 3.4 recently(two weeks back) and planning > > 3.4.10 release asap including this feature. Again, the release > discussion is in progress. > > This feature has been tested by multiple folks and the test reports > > are available. Please go through the below links to understand more > > on > this. > > I'd really appreciate if you could test this feature and publish > feedback. > > Thanks! Please feel free to contact or discuss issues, some of us > > will help you. There are plans to forward port this feature to > > branch 3.5 via > > ZOOKEEPER-2639 task. > > > > https://qnalist.com/questions/7332914/test-plan-for-zk-1045- > > call-for-volunteers > > https://issues.apache.org/jira/secure/attachment/12834567/ZO > > OKEEPER-1045%20Test%20Plan.pdf - The problems mentioned in this test > > report is already taken care. > > > > Feature documentation is getting ready and draft version is > > available > here. > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKee > > per+and+SASL+authentication > > Documentation review is going on. > > > > Regards, > > Rakesh > > > > On Wed, Dec 14, 2016 at 5:54 PM, FaXin Zhong > > <[email protected]> > > wrote: > > > >> Hi, > >> > >> Our product is using zookeeper. I have some security questions > >> about zookeeper as below. > >> > >> > >> 1. We want to use ssl for the client-server communication, > >> zookeeper supports it since 3.5.1, while it's alpha version, is it > >> OK to upgrade zookeeper to 3.5.1 or latest? We are currently using > >> 3.4.8 for customers. > >> > >> > >> 2. Does zookeeper support server-server secure communication as > >> well? Or any plan? I don't find it in zookeeper documents, but > >> found some JIRA stuff > >> "ZOOKEEPER-1045<https://issues.apache.org/jira/browse/ZOOKEE > >> PER-1045> covers server-server mutual authentication by SASL", what > >> PER-1045> do > >> you think of it for commercial usage? > >> > >> > >> Thanks a lot! > >> > >> BRs/Faxin > >> > > > > > -- Cheers Michael.
