kafka-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sai Sandeep (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KAFKA-8669) Add java security providers in Kafka Security config
Date Mon, 15 Jul 2019 18:06:00 GMT
Sai Sandeep created KAFKA-8669:
----------------------------------

             Summary: Add java security providers in Kafka Security config
                 Key: KAFKA-8669
                 URL: https://issues.apache.org/jira/browse/KAFKA-8669
             Project: Kafka
          Issue Type: Improvement
            Reporter: Sai Sandeep


Currently kafka supports ssl.keymanager.algorithm and ssl.trustmanager.algorithm parameters
as part of secure config. These parameters can be configured to load the key manager and trust
managers which provide keys and certificates for ssl handshakes with the clients/server. The
algorithms configured by parameters need to be registered by Java security provider classes.
These provider classes are configured as JVM properties through java.security file. An example
file given below

``` 

$ cat /usr/lib/jvm/jdk-8-oracle-x64/jre/lib/security/java.security

...

security.provider.1=sun.security.provider.Sun

security.provider.2=sun.security.rsa.SunRsaSign

security.provider.3=sun.security.ec.SunEC

…

``` 

Custom keymanager and trustmanager algorithms can be used to supply the kafka brokers with
keys and certificates, these algorithms can be used to replace the traditional, non-scalable
static keystore and truststore jks files.

To take advantage of these custom algorithms, we want to support java security provider parameter
in security config. This param can be used by kafka brokers or kafka clients(when connecting
to the kafka brokers). The security providers can also be used for configuring security in
SASL based communication too.

 



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Mime
View raw message