[
https://issues.apache.org/jira/browse/BOOKKEEPER-391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15978881#comment-15978881
]
ASF GitHub Bot commented on BOOKKEEPER-391:
-------------------------------------------
Github user eolivelli commented on the issue:
https://github.com/apache/bookkeeper/pull/110
@revans2
I have pushed the TGT refresh logic for the bookie side, I'm going to do
the same for the client-side
I will push other commits soon in order to address all of your comments
(TGT refresh on the client side, logging, authenticationID vs
authorizationID...)
Meanwhile I'm asking you some suggestion about the validation of the client
side principal. I did not find any example on ZooKeeper code.
> Support Kerberos authentication of bookkeeper
> ---------------------------------------------
>
> Key: BOOKKEEPER-391
> URL: https://issues.apache.org/jira/browse/BOOKKEEPER-391
> Project: Bookkeeper
> Issue Type: New Feature
> Components: bookkeeper-client, bookkeeper-server
> Reporter: Rakesh R
> Assignee: Enrico Olivelli
> Fix For: 4.5.0
>
>
> This JIRA to discuss authentication mechanism of bookie clients and server.
> Assume ZK provides fully secured communication channel using Kerberos based
> authentication and authorization model. We could also manage and renew users
> authenticated to BK via Kerberos. There is currently no configuration or
> hooks for the Bookie process to obtain Kerberos credentials.
> Today an unauthenticated bookie client can easily establish connection with
> the bookkeeper server.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
