Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-938

Support Kerberos authentication of clients.

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 3.4.0
    • java client, server
    • None
    • Reviewed
    • ZOOKEEPER-938 : support Kerberos authentication via SASL.

    Description

      Support Kerberos authentication of clients.

      The following usage would let an admin use Kerberos authentication to assign ACLs to authenticated clients.

      1. Admin logs into zookeeper (not necessarily through Kerberos however).

      2. Admin decides that a new node called '/mynode' should be owned by the user 'zkclient' and have full permissions on this.

      3. Admin does: zk> create /mynode content sasl:zkclient@FOOFERS.ORG:cdrwa

      4. User 'zkclient' logins to kerberos using the command line utility 'kinit'.

      5. User connects to zookeeper server using a Kerberos-enabled version of zkClient (ZookeeperMain).

      6. Behind the scenes, the client and server exchange authentication information. User is now authenticated as 'zkclient'.

      7. User accesses /mynode with permissions 'cdrwa'.

      Attachments

        1. ZOOKEEPER-938.patch
          113 kB
          Eugene Joseph Koontz
        2. ZOOKEEPER-938.patch
          113 kB
          Eugene Joseph Koontz
        3. ZOOKEEPER-938.patch
          113 kB
          Eugene Joseph Koontz
        4. ZOOKEEPER-938.patch
          82 kB
          Eugene Joseph Koontz
        5. ZOOKEEPER-938.patch
          81 kB
          Eugene Joseph Koontz
        6. ZOOKEEPER-938.patch
          81 kB
          Eugene Joseph Koontz
        7. ZOOKEEPER-938.patch
          81 kB
          Eugene Joseph Koontz
        8. ZOOKEEPER-938.patch
          81 kB
          Eugene Joseph Koontz
        9. ZOOKEEPER-938.patch
          82 kB
          Eugene Joseph Koontz
        10. ZOOKEEPER-938.patch
          83 kB
          Eugene Joseph Koontz
        11. ZOOKEEPER-938.patch
          103 kB
          Eugene Joseph Koontz
        12. ZOOKEEPER-938.patch
          105 kB
          Eugene Joseph Koontz
        13. ZOOKEEPER-938.patch
          96 kB
          Eugene Joseph Koontz
        14. ZOOKEEPER-938.patch
          95 kB
          Eugene Joseph Koontz
        15. jaas.conf
          0.3 kB
          Eugene Joseph Koontz
        16. sasl.patch
          42 kB
          Eugene Joseph Koontz
        17. NIOServerCnxn.patch
          9 kB
          Eugene Joseph Koontz

        Issue Links

          Activity

            No work has yet been logged on this issue.

            People

              ekoontz Eugene Joseph Koontz
              ekoontz Eugene Joseph Koontz
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: