Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-938

Support Kerberos authentication of clients.

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.4.0
    • Component/s: java client, server
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      ZOOKEEPER-938 : support Kerberos authentication via SASL.

      Description

      Support Kerberos authentication of clients.

      The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients.

      1. Admin logs into zookeeper (not necessarily through Kerberos however).

      2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this.

      3. Admin does: zk> create /mynode content sasl:zkclient@FOOFERS.ORG:cdrwa

      4. User 'zkclient' logins to kerberos using the command line utility 'kinit'.

      5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain).

      6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'.

      7. User accesses /mynode with permissions 'cdrwa'.

        Attachments

        1. jaas.conf
          0.3 kB
          Eugene Joseph Koontz
        2. NIOServerCnxn.patch
          9 kB
          Eugene Joseph Koontz
        3. sasl.patch
          42 kB
          Eugene Joseph Koontz
        4. ZOOKEEPER-938.patch
          113 kB
          Eugene Joseph Koontz
        5. ZOOKEEPER-938.patch
          113 kB
          Eugene Joseph Koontz
        6. ZOOKEEPER-938.patch
          113 kB
          Eugene Joseph Koontz
        7. ZOOKEEPER-938.patch
          82 kB
          Eugene Joseph Koontz
        8. ZOOKEEPER-938.patch
          81 kB
          Eugene Joseph Koontz
        9. ZOOKEEPER-938.patch
          81 kB
          Eugene Joseph Koontz
        10. ZOOKEEPER-938.patch
          81 kB
          Eugene Joseph Koontz
        11. ZOOKEEPER-938.patch
          81 kB
          Eugene Joseph Koontz
        12. ZOOKEEPER-938.patch
          82 kB
          Eugene Joseph Koontz
        13. ZOOKEEPER-938.patch
          83 kB
          Eugene Joseph Koontz
        14. ZOOKEEPER-938.patch
          103 kB
          Eugene Joseph Koontz
        15. ZOOKEEPER-938.patch
          105 kB
          Eugene Joseph Koontz
        16. ZOOKEEPER-938.patch
          96 kB
          Eugene Joseph Koontz
        17. ZOOKEEPER-938.patch
          95 kB
          Eugene Joseph Koontz

        Issue Links

          Activity

            People

            • Assignee:
              ekoontz Eugene Joseph Koontz
              Reporter:
              ekoontz Eugene Joseph Koontz

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment