[
https://issues.apache.org/jira/browse/BOOKKEEPER-391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15656739#comment-15656739
]
Enrico Olivelli commented on BOOKKEEPER-391:
--------------------------------------------
[~rakeshr] During the meeting we talked about this issue.
Can you explain more deeply the purpose of having a special entry for the
Auditor ?
In 4.4 the Auditor uses the normal BookKeeper client and so we would need to
add some "special" flag to make BookKeeper client use the special entry instead
of the defualt client entry.
Do you see production use cases where it would be better to have a different
principal for the Auditor ?
On Bookies you are going to have the BookieServer entry and the BookieAuditor
entry, maybe it would be simpler to have a BookieServer entry and a BookKeeper
entry
thanks
> Support Kerberos authentication of bookkeeper
> ---------------------------------------------
>
> Key: BOOKKEEPER-391
> URL: https://issues.apache.org/jira/browse/BOOKKEEPER-391
> Project: Bookkeeper
> Issue Type: New Feature
> Components: bookkeeper-client, bookkeeper-server
> Reporter: Rakesh R
> Assignee: Enrico Olivelli
>
> This JIRA to discuss authentication mechanism of bookie clients and server.
> Assume ZK provides fully secured communication channel using Kerberos based
> authentication and authorization model. We could also manage and renew users
> authenticated to BK via Kerberos. There is currently no configuration or
> hooks for the Bookie process to obtain Kerberos credentials.
> Today an unauthenticated bookie client can easily establish connection with
> the bookkeeper server.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
