kafka-users mailing list archives

From Sriharsha Chintalapani <ka...@harsha.io>
Subject Re: [DISCUSS] KIP-12 - Kafka Sasl/Kerberos implementation
Date Mon, 20 Apr 2015 20:44:49 GMT
Hi Jun,
I am using the underlying protocol GSS-API that SASL also uses. I can add
details about LDAP/AD. For AD, this is in general the integration of AD to Kerberos, i.e.
Kerberos can talk to AD to get the kinit login credentials (more of a setup detail between
Kerberos and AD). For LDAP, GSS-API allows you to do DIGEST auth as well. I'll add the
details regarding both of these.

For SSL support I'll add the details to the same KIP, as they both extend the
same Channel and share some of the implementation.

Thanks,
Harsha


On April 20, 2015 at 12:31:12 PM, Jun Rao (jun@confluent.io) wrote:

Hi, Harsha,  

For SASL, a common use case is the integration with LDAP/AD. For  
completeness, could you describe (or provide a link) how such integration  
can be done?  

Also, what about the SSL support, do you plan to describe it in the same
KIP or a separate one?

Thanks,  

Jun  

On Mon, Apr 20, 2015 at 12:42 PM, Sriharsha Chintalapani <kafka@harsha.io>  
wrote:  

> Hi,  
> I updated the KIP-12 with more details. Please take a look  
> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=51809888  
>  
> Thanks,  
> Harsha  
>  
>  
> On February 11, 2015 at 10:02:43 AM, Harsha (kafka@harsha.io) wrote:  
>  
> Thanks Joe. It will be part of KafkaServer and will run on its own  
> thread. Since each kafka server will run with a keytab we should make  
> sure they are all getting renewed.  
>  
> On Wed, Feb 11, 2015, at 10:00 AM, Joe Stein wrote:  
> > Thanks Harsha, looks good so far. How were you thinking of running
> > the KerberosTicketManager as a standalone process or like controller or
> > is it a layer of code that does the plumbing pieces everywhere?
> >  
> > ~ Joestein  
> >  
> > On Wed, Feb 11, 2015 at 12:18 PM, Harsha <kafka@harsha.io> wrote:  
> >  
> > > Hi,  
> > > Here is the initial proposal for sasl/kerberos implementation for  
> > > kafka https://cwiki.apache.org/confluence/x/YI4WAw  
> > > and JIRA https://issues.apache.org/jira/browse/KAFKA-1686. I am  
> > > currently working on a prototype which will add more details to the KIP.
> > > Just opening the thread to say the work is in progress. I'll update the
> > > thread with an initial prototype patch.
> > > Thanks,  
> > > Harsha  
> > >  
>  
