kafka-jira mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Manikumar (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (KAFKA-4185) Abstract out password verifier in SaslServer as an injectable dependency
Date Thu, 25 Jan 2018 16:16:00 GMT

     [ https://issues.apache.org/jira/browse/KAFKA-4185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Manikumar resolved KAFKA-4185.
    Resolution: Duplicate

Closing this in favor of KIP-86/KAFKA-4292. Please reopen if you think otherwise

> Abstract out password verifier in SaslServer as an injectable dependency
> ------------------------------------------------------------------------
>                 Key: KAFKA-4185
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4185
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions:
>            Reporter: Piyush Vijay
>            Priority: Major
> Kafka comes with a default SASL/PLAIN implementation which assumes that username and
password are present in a JAAS
> config file. People often want to use some other way to provide username and password
to SaslServer. Their best bet,
> currently, is to have their own implementation of SaslServer (which would be, in most
cases, a copied version of PlainSaslServer
> minus the logic where password verification happens). This is not ideal.
> We believe that there exists a better way to structure the current PlainSaslServer implementation
which makes it very
> easy for people to plug-in their custom password verifier without having to rewrite SaslServer
or copy any code.
> The idea is to have an injectable dependency interface PasswordVerifier which can be
re-implemented based on the
> requirements. There would be no need to re-implement or extend PlainSaslServer class.
> Note that this is commonly asked feature and there have been some attempts in the past
to solve this problem:
> https://github.com/apache/kafka/pull/1350
> https://github.com/apache/kafka/pull/1770
> https://issues.apache.org/jira/browse/KAFKA-2629
> https://issues.apache.org/jira/browse/KAFKA-3679
> We believe that this proposed solution does not have the demerits because of previous
proposals were rejected.
> I would be happy to discuss more.
> Please find the link to the PR in the comments.

This message was sent by Atlassian JIRA

View raw message