[
https://issues.apache.org/jira/browse/BOOKKEEPER-391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15607645#comment-15607645
]
Enrico Olivelli commented on BOOKKEEPER-391:
--------------------------------------------
For the inter-bookie communications I think that actual implementation the
clientAuthProviderFactoryClass property must be configured on Bookie
configuration this is because the BookKeeper client used by the Auditor is
created using a ClientConfiguration built by cloning the ServerConfiguration
which usually will be populated with the bookieAuthProviderFactoryClass
property.
On each Bookie we have to setup the JAAS entry for Bookie (in order to accept
connections) and for BookKeeper (in order to connect to other Bookies)
I can add some test cases in order to show the usage of the auth on the Auditor
this issue is related to the Auth system and not just to this plugin, I will
push this code to another JIRA, [~hustlmsp]] can I commit it in the scope of
BOOKKEEPER-959 ?
> Support Kerberos authentication of bookkeeper
> ---------------------------------------------
>
> Key: BOOKKEEPER-391
> URL: https://issues.apache.org/jira/browse/BOOKKEEPER-391
> Project: Bookkeeper
> Issue Type: New Feature
> Components: bookkeeper-client, bookkeeper-server
> Reporter: Rakesh R
> Assignee: Enrico Olivelli
>
> This JIRA to discuss authentication mechanism of bookie clients and server.
> Assume ZK provides fully secured communication channel using Kerberos based
> authentication and authorization model. We could also manage and renew users
> authenticated to BK via Kerberos. There is currently no configuration or
> hooks for the Bookie process to obtain Kerberos credentials.
> Today an unauthenticated bookie client can easily establish connection with
> the bookkeeper server.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
