Zookeeper authentication and authorization would help improve Giraph security. A Giraph job's interaction with Zookeeper happens within a job-unique Zookeeper directory. This Zookeeper directory should be secured against unauthorized access.
Zookeeper provides security through per-user authorization and SASL authentication. We should have Giraph jobs use SASL to authenticate themselves with Zookeeper and, upon authentication, set appropriate permissions on the Zookeeper job directory.
- depends upon
ZOOKEEPER-938 Support Kerberos authentication of clients.
- relates to
GIRAPH-211 Add secure authentication to Netty IPC