[ZOOKEEPER-3558] Support authentication enforcement - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Release Note:

Hide
~~ZOOKEEPER-3561~~ implemented this jira functionality in master branch. Won't Fix in branch-3.5

Show
ZOOKEEPER-3561 implemented this jira functionality in master branch. Won't Fix in branch-3.5

Description

Provide authentication enforcement in ZooKeeper that is backward compatible and can work for any authentication scheme, can work even with custom authentication schemes.

Problems:
1. Currently server is starting with default authentication providers(DigestAuthenticationProvider, IPAuthenticationProvider). These default authentication providers are not really secure.
2. ZooKeeper server is not checking whether authentication is done or not before performing any user operation.

Solutions:
1. We should not start any authentication provider by default. But this would be backward incompatible change. So we can provide configuration whether to start default authentication provides are not.
By default we can start these authentication providers.
2. Before any user operation server should check whether authentication happened or not. At least client must be authenticated with one authentication scheme.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ZOOKEEPER-3558-01.patch
25/Sep/19 16:06
19 kB
Mohammad Arshad

Issue Links

is related to

ZOOKEEPER-3561 Generalize target authentication scheme for ZooKeeper authentication enforcement.

Closed

Activity

People

Assignee:: Mohammad Arshad

Reporter:: Mohammad Arshad

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 25/Sep/19 15:59

Updated:: 18/May/22 13:40

Resolved:: 07/Jan/21 09:45