[KAFKA-3166] Disable SSL client authentication for SASL_SSL security protocol - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.9.0.0
Fix Version/s: 0.9.0.1
Component/s: security
Labels:
None

Description

A useful scenario is for a broker to require clients to authenticate either via SSL or via SASL (with SASL_SSL security protocol). With the current code, this is not possible to achieve. If we set `ssl.client.auth` to `required`, then it will be required for both SSL and SASL.

I suggest we hardcode `ssl.client.auth` to `none` for the `SASL_SSL` case.

Attachments

Activity

People

Assignee:: Ismael Juma

Reporter:: Ismael Juma

Reviewer:: sriharsha chintalapani

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Jan/16 20:15

Updated:: 29/Jan/16 13:09

Resolved:: 29/Jan/16 13:09