kafka-jira mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rajini Sivaram (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KAFKA-5500) it is impossible to have custom Login Modules for PLAIN SASL mechanism
Date Wed, 05 Jul 2017 13:07:00 GMT

    [ https://issues.apache.org/jira/browse/KAFKA-5500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16074720#comment-16074720

Rajini Sivaram commented on KAFKA-5500:

Kafka's implementation of {{PlainLoginModule}} is tightly integrated with its implementation
of {{PlainSaslServerProvider}} and {{PlainSaslServer}} (the server provider is loaded by the
login module). At the moment, you can replace the whole server-side SASL/PLAIN implementation
with your own implementation by replacing the three classes in {{org.apache.kafka.common.security.plain}}
with your own implementation. As described in the docs (https://kafka.apache.org/documentation/#security_sasl_plain_production),
the implementation in Kafka is provided as a sample and not suitable for use in production,

should improve customization.

> it is impossible to have custom Login Modules for PLAIN SASL mechanism
> ----------------------------------------------------------------------
>                 Key: KAFKA-5500
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5500
>             Project: Kafka
>          Issue Type: Wish
>            Reporter: Anton Patrushev
>            Priority: Minor
> This change -
>  https://github.com/apache/kafka/commit/275c5e1df237808fe72b8d9933f826949d4b5781#diff-3e86ea3ab586f9b6f920c00508a0d5bcR95
- makes it impossible have login modules other than PlainLoginModule used for PLAIN SASL mechanism.
Could it be changed the way that doesn't use particular login module class name?

This message was sent by Atlassian JIRA

View raw message