Description
Implement SASL/Kerberos authentication.
To do this we will need to introduce a new SASLRequest and SASLResponse pair to the client protocol. This request and response will each have only a single byte[] field and will be used to handle the SASL challenge/response cycle. Doing this will initialize the SaslServer instance and associate it with the session in a manner similar to KAFKA-1684.
When using integrity or encryption mechanisms with SASL we will need to wrap and unwrap bytes as in KAFKA-1684 so the same interface that covers the SSLEngine will need to also cover the SaslServer instance.
Attachments
Issue Links
- is blocked by
-
KAFKA-1928 Move kafka.network over to using the network classes in org.apache.kafka.common.network
- Resolved
- is depended upon by
-
KAFKA-1687 SASL unit tests
- Resolved
-
KAFKA-1696 Kafka should be able to generate Hadoop delegation tokens
- Open