Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-14881

Update UserScramCredentialRecord for SCRAM ZK to KRaft migration

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.5.0
    • 3.5.0
    • kraft
    • None

    Description

      I want to support ZK to KRaft migration.

      ZK stores a storedKey and a serverKey for each SCRAM credential not the saltedPassword.

      The storedKey and serverKey are a crypto hash of some data with the saltedPassword and it is not possible to extract the saltedPassword from them.

      The serverKey and storedKey are enough for SCRAM authentication and saltedPassword is not needed.

      I will update the UserScramCredentialRecord to store serverKey and storedKey instead of saltedPassword and I will update that SCRAM is only supported with a bumped version of IBP_3_5 so that there are no compatibility issues.

      Attachments

        Issue Links

          is required by

          Improvement - An improvement or enhancement to an existing feature or task. KAFKA-14859 Support SCRAM ZK to KRaft Migration

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #13507

          Web Link GitHub Pull Request #13513

          Activity

            People

              pprovenzano Proven Provenzano
              pprovenzano Proven Provenzano
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: