Details
-
Wish
-
Status: Open
-
Major
-
Resolution: Unresolved
-
8.2, 9.0
-
None
-
None
Description
ZooKeeper supports X509 authentication and ACLs towards Zookeeper servers. It seems that when enabling SSL support in ZooKeeper 3.5.5 and ACLs only X509 ACLs are allowed and others (e.g. Kerberos Authentication and Kerberos ACLs with SSL communication enabled) are not possible (see also: https://issues.apache.org/jira/browse/ZOOKEEPER-3482).
Furthermore, in highly automized cloud environments, large scale cloud search services or enterprise environments, X509 authentication and X509 ACLs could be an attractive alternative compared to Kerberos.
Solr should thus support a X509ZkAclProivder for X509 Zookeeper Authentication and ACLs.
See also:
- Zookeeper X509 authentication provider: https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide#ZooKeeperSSLUserGuide-X509AuthenticationProvider
- ZooKeeper Admin Guide: https://zookeeper.apache.org/doc/r3.5.5/zookeeperAdmin.html#sc_authOptions
Attachments
Issue Links
- blocks
-
SOLR-7893 Document ZooKeeper SSL support
- Reopened