Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-1682 Security for Kafka
  3. KAFKA-1686

Implement SASL/Kerberos

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 0.8.2.1
    • 0.9.0.0
    • security
    • None

    Description

      Implement SASL/Kerberos authentication.

      To do this we will need to introduce a new SASLRequest and SASLResponse pair to the client protocol. This request and response will each have only a single byte[] field and will be used to handle the SASL challenge/response cycle. Doing this will initialize the SaslServer instance and associate it with the session in a manner similar to KAFKA-1684.

      When using integrity or encryption mechanisms with SASL we will need to wrap and unwrap bytes as in KAFKA-1684 so the same interface that covers the SSLEngine will need to also cover the SaslServer instance.

      Attachments

        Issue Links

          is blocked by

          Sub-task - The sub-task of the issue KAFKA-1928 Move kafka.network over to using the network classes in org.apache.kafka.common.network

          • Major - Major loss of function.
          • Resolved
          is depended upon by

          Sub-task - The sub-task of the issue KAFKA-1687 SASL unit tests

          • Major - Major loss of function.
          • Resolved

          New Feature - A new feature of the product, which has yet to be developed. KAFKA-1696 Kafka should be able to generate Hadoop delegation tokens

          • Major - Major loss of function.
          • Open

          Activity

            People

              sriharsha Harsha
              jkreps Jay Kreps
              Jun Rao Jun Rao
              Votes:
              2 Vote for this issue
              Watchers:
              24 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: