kafka-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KAFKA-3166) Disable SSL client authentication for SASL_SSL security protocol
Date Thu, 28 Jan 2016 20:18:39 GMT

    [ https://issues.apache.org/jira/browse/KAFKA-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15122259#comment-15122259
] 

ASF GitHub Bot commented on KAFKA-3166:
---------------------------------------

GitHub user ijuma opened a pull request:

    https://github.com/apache/kafka/pull/827

    KAFKA-3166; Disable SSL client authentication for SASL_SSL security protocol

    Also:
    
    * Fixed a bug in `createSslConfig` where we were always generating a
    keystore even if `useClientCert` was false and `mode` was `Mode.CLIENT``.
    * Pass `numRecords` to `consumerRecords` and other clean-ups (formatting and scaladoc).


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ijuma/kafka kafka-3166-disable-ssl-auth-sasl-ssl

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/827.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #827
    
----
commit a73db892c96e333bd1942655014bd34662522c39
Author: Ismael Juma <ismael@juma.me.uk>
Date:   2016-01-28T19:51:14Z

    SSL client authentication should be disabled for SASL_SSL security protocol
    
    Also fixed a bug in `createSslConfig` where we were always generating a
    keystore even if `useClientCert` was false and `mode` was `Mode.CLIENT``.

commit 82652211f7de1191df9f955809cf35671e0b38c8
Author: Ismael Juma <ismael@juma.me.uk>
Date:   2016-01-28T19:56:46Z

    Pass `numRecords` to `consumerRecords` and clean-ups.

----


> Disable SSL client authentication for SASL_SSL security protocol
> ----------------------------------------------------------------
>
>                 Key: KAFKA-3166
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3166
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.9.0.0
>            Reporter: Ismael Juma
>            Assignee: Ismael Juma
>
> A useful scenario is for a broker to require clients to authenticate either via SSL or
via SASL (with SASL_SSL security protocol). With the current code, this is not possible to
achieve. If we set `ssl.client.auth` to `required`, then it will be required for both SSL
and SASL.
> I suggest we hardcode `ssl.client.auth` to `none` for the `SASL_SSL` case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message