kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Connie Yang <cybercon...@gmail.com>
Subject Re: Support customized security protocol
Date Wed, 20 Jan 2016 03:56:47 GMT
@Ismael, what's the status of the SASL/PLAIN PR,
https://github.com/apache/kafka/pull/341?



On Tue, Jan 19, 2016 at 6:25 PM, tao xiao <xiaotao183@gmail.com> wrote:

> The PR provides a new SASL mech but it doesn't provide a pluggable way to
> implement user's own logic to do authentication. So I don't think the PR
> will meet my need.
>
> I will write a KIP to open the discussion.
>
> p.s. Ismael, can you grant me the permission to create a KIP in Kafka
> space?
>
>
> On Wed, 20 Jan 2016 at 10:08 Ismael Juma <ismael@juma.me.uk> wrote:
>
> > Hi Tao,
> >
> > The other way would be to implement a SASL provider:
> >
> >
> >
> https://docs.oracle.com/javase/8/docs/technotes/guides/security/sasl/sasl-refguide.html#PROV
> >
> > This would still require Kafka to be changed, some of the changes are in
> > the following PR:
> >
> > https://github.com/apache/kafka/pull/341
> >
> > As per the discussion in the PR above, a KIP is also required.
> >
> > Ismael
> >
> > On Wed, Jan 20, 2016 at 1:48 AM, tao xiao <xiaotao183@gmail.com> wrote:
> >
> > > Hi Ismael,
> > >
> > > BTW looks like I don't have the permission to add a KIP in Kafka space.
> > Can
> > > you please grant me the permission?
> > >
> > > On Wed, 20 Jan 2016 at 09:40 tao xiao <xiaotao183@gmail.com> wrote:
> > >
> > > > Hi Ismael,
> > > >
> > > > Thank you for your reply. I am happy to have a writeup on this.
> > > >
> > > > Can you think of any other ways to make security protocol pluggable
> > > > instead of extending ChannelBuilder?
> > > >
> > > > On Wed, 20 Jan 2016 at 02:14 Ismael Juma <ismael@juma.me.uk> wrote:
> > > >
> > > >> Hi Tao,
> > > >>
> > > >> As you say, security protocols are not currently pluggable.
> > > >> `ChannelBuilder` is already an interface, but `SecurityProtocol` is
> an
> > > >> enum, which makes it hard for users to add additional security
> > > protocols.
> > > >> Changing this would probably require a KIP:
> > > >>
> > > >>
> > > >>
> > >
> >
> https://cwiki.apache.org/confluence/display/KAFKA/Kafka+Improvement+Proposals
> > > >>
> > > >> Ismael
> > > >>
> > > >> On Mon, Jan 18, 2016 at 3:15 AM, tao xiao <xiaotao183@gmail.com>
> > wrote:
> > > >>
> > > >> > Hi Kafka team,
> > > >> >
> > > >> > I want to know if I can plug-in my own security protocol to Kafka
> to
> > > >> > implement project specific authentication mechanism. The current
> > > >> supported
> > > >> > authentication protocols, SASL/GSSAPI and SSL, are not supported
> in
> > my
> > > >> > company and we have own security protocol to do authentication.
> > > >> >
> > > >> > Is it a good idea to make ChannelBuilder extensible so that I
can
> > > >> implement
> > > >> > it with my own security channel?
> > > >> >
> > > >>
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message