Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-3558

Support authentication enforcement

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: 3.5.10
    • Component/s: None
    • Labels:
      None
    • Release Note:
      Hide
      ZOOKEEPER-3561 implemented this jira functionality in master branch. Won't Fix in branch-3.5
      Show
      ZOOKEEPER-3561 implemented this jira functionality in master branch. Won't Fix in branch-3.5

      Description

      Provide authentication enforcement in ZooKeeper that is backward compatible and can work for any authentication scheme, can work even with custom authentication schemes.

      Problems:
      1. Currently server is starting with default authentication providers(DigestAuthenticationProvider, IPAuthenticationProvider). These default authentication providers are not really secure.
      2. ZooKeeper server is not checking whether authentication is done or not before performing any user operation.

      Solutions:
      1. We should not start any authentication provider by default. But this would be backward incompatible change. So we can provide configuration whether to start default authentication provides are not.
      By default we can start these authentication providers.
      2. Before any user operation server should check whether authentication happened or not. At least client must be authenticated with one authentication scheme.

        Attachments

        1. ZOOKEEPER-3558-01.patch
          19 kB
          Mohammad Arshad

          Issue Links

            Activity

              People

              • Assignee:
                arshad.mohammad Mohammad Arshad
                Reporter:
                arshad.mohammad Mohammad Arshad
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: