THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- SSL/TLS support for encrypting comunications and/or to implement client authentication
- Use ACLs while writing to ZooKeeper
- Provide an extensible Authentication framework (in BookKeeper 4.4.0 there is already partial support for this)
- Provide a out-of-the box plugin which implements standard SASL authentication, with at least support for GSSAPI/Kerberos and DIGEST-MD5 mechs
- Provide initial support for Authorization
...
Proposals
Major concers are about protocol compatibility, data encryption, configuration on Bookie side and client-side and , rolling upgrades and ZooKeeper security.
SSL Support
TBD
Secure ZooKeeper data structures
...
ISSUE: On ZookKeeper the SASL mechanism is decided upon the type of JAAS Subject, this is very simply from admin to be configured. We should make the configuration more explicit, something like a configuration property sasl.mech=GSSAPI|DIGEST-M5.....
SSL/TLS Support
TBD
Action
Jira | ||||||
---|---|---|---|---|---|---|
|
...