[
https://issues.apache.org/jira/browse/SOLR-13673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16948405#comment-16948405
]
Jan Høydahl commented on SOLR-13673:
------------------------------------
Hi Jörn, have you looked further into this?
> Provide X509ZkAclProvider for X509 Zookeeper Authentication and ACLs
> --------------------------------------------------------------------
>
> Key: SOLR-13673
> URL: https://issues.apache.org/jira/browse/SOLR-13673
> Project: Solr
> Issue Type: Wish
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrCloud
> Affects Versions: master (9.0), 8.2
> Reporter: Jörn Franke
> Priority: Major
>
> ZooKeeper supports X509 authentication and ACLs towards Zookeeper servers. It
> seems that when enabling SSL support in ZooKeeper 3.5.5 and ACLs only X509
> ACLs are allowed and others (e.g. Kerberos Authentication and Kerberos ACLs
> with SSL communication enabled) are not possible (see also:
> https://issues.apache.org/jira/browse/ZOOKEEPER-3482).
> Furthermore, in highly automized cloud environments, large scale cloud search
> services or enterprise environments, X509 authentication and X509 ACLs could
> be an attractive alternative compared to Kerberos.
> Solr should thus support a X509ZkAclProivder for X509 Zookeeper
> Authentication and ACLs.
>
> See also:
> * Zookeeper X509 authentication provider:
> [https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide#ZooKeeperSSLUserGuide-X509AuthenticationProvider]
> * ZooKeeper Admin Guide:
> [https://zookeeper.apache.org/doc/r3.5.5/zookeeperAdmin.html#sc_authOptions]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
