Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-938

Support Kerberos authentication of clients.

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.4.0
    • Component/s: java client, server
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      ZOOKEEPER-938 : support Kerberos authentication via SASL.

      Description

      Support Kerberos authentication of clients.

      The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients.

      1. Admin logs into zookeeper (not necessarily through Kerberos however).

      2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this.

      3. Admin does: zk> create /mynode content sasl:zkclient@FOOFERS.ORG:cdrwa

      4. User 'zkclient' logins to kerberos using the command line utility 'kinit'.

      5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain).

      6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'.

      7. User accesses /mynode with permissions 'cdrwa'.

        Attachments

        1. ZOOKEEPER-938.patch
          95 kB
          Eugene Koontz
        2. ZOOKEEPER-938.patch
          96 kB
          Eugene Koontz
        3. ZOOKEEPER-938.patch
          105 kB
          Eugene Koontz
        4. ZOOKEEPER-938.patch
          103 kB
          Eugene Koontz
        5. ZOOKEEPER-938.patch
          83 kB
          Eugene Koontz
        6. ZOOKEEPER-938.patch
          82 kB
          Eugene Koontz
        7. ZOOKEEPER-938.patch
          81 kB
          Eugene Koontz
        8. ZOOKEEPER-938.patch
          81 kB
          Eugene Koontz
        9. ZOOKEEPER-938.patch
          81 kB
          Eugene Koontz
        10. ZOOKEEPER-938.patch
          81 kB
          Eugene Koontz
        11. ZOOKEEPER-938.patch
          82 kB
          Eugene Koontz
        12. ZOOKEEPER-938.patch
          113 kB
          Eugene Koontz
        13. ZOOKEEPER-938.patch
          113 kB
          Eugene Koontz
        14. ZOOKEEPER-938.patch
          113 kB
          Eugene Koontz
        15. sasl.patch
          42 kB
          Eugene Koontz
        16. NIOServerCnxn.patch
          9 kB
          Eugene Koontz
        17. jaas.conf
          0.3 kB
          Eugene Koontz

          Issue Links

            Activity

              People

              • Assignee:
                ekoontz Eugene Koontz
                Reporter:
                ekoontz Eugene Koontz
              • Votes:
                0 Vote for this issue
                Watchers:
                15 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: