btw. I think we barely mention support of delegation tokens to allow accessing Kafka from MR jobs, Storm, Samza, etc.
Does it sound "in scope" for next week's agenda? Gwen On Tue, Sep 16, 2014 at 10:59 AM, Joe Stein <joe.st...@stealth.ly> wrote: > cool, I just added you to the invite > > On Tue, Sep 16, 2014 at 10:57 AM, Harsha <ka...@harsha.io> wrote: > >> Hi Joe, >> I am interested in joining the efforts. I went through apache >> storm security with kerberos so I can bring some of that >> experience into the discussion. >> Thanks, >> Harsha >> >> On Tue, Sep 16, 2014, at 10:37 AM, Joe Stein wrote: >> > Hi Andrew, yes the meeting took place and we plan to-do it every two >> > weeks >> > (same bat time, same bat channel) moving forward. >> > >> > In attendance was Michael Herstine (LinkedIn), Arvind Mani (LinkedIn), >> > Gwen >> > Shapira (Cloudera) and myself. >> > >> > Gwen updated the wiki after our discussion. Basically we are thinking of >> > using 3 ports one for plain text (so like it is now), one for SASL >> > (implementing username/password and kerberos at least) and one for SSL >> > and >> > they will all be configurable on/off. Some investigation is going on now >> > to see about how we can do this without making any wire protocol changes >> > (ideal) or minimal changes at least. >> > >> > Let me know and I can add you to the invite if you would like to >> > contribute >> > the more help and input the better for sure. >> > >> > Also in regards to KAFKA-1477 I just asked Ivan to update the patch to >> > latest trunk and we could (demand required) make a patch that works with >> > 0.8.1.X too for folks to use... This doesn't work yet with the new >> > producer >> > (TBD) or any other clients so be aware it is not yet baked in and from >> > release project perspective I don't know what in that patch will survive >> > (hopefully all of it). >> > >> > /******************************************* >> > Joe Stein >> > Founder, Principal Consultant >> > Big Data Open Source Security LLC >> > http://www.stealth.ly >> > Twitter: @allthingshadoop <http://www.twitter.com/allthingshadoop> >> > ********************************************/ >> > >> > On Tue, Sep 16, 2014 at 10:17 AM, Andrew Psaltis >> > <psaltis.and...@gmail.com> >> > wrote: >> > >> > > Hi, >> > > I was just reading the recent changes to: >> > > https://cwiki.apache.org/confluence/display/KAFKA/Security after >> getting >> > > off a call about Kafka security and how we are jumping through hoops -- >> > > like having PGP keys on the consumers and producers to get around the >> lack >> > > of SSL support. Did the meeting that Joe proposed happen for Sept 9th >> > > happen? If not is there a plan to have it? I was also looking at: >> > > https://issues.apache.org/jira/browse/KAFKA-1477 and it seems like >> there >> > > have been no comments since 11/08/2014. I would be interested in >> helping >> > > with the TLS/SSL support as we have a need for it now. >> > > >> > > Thanks, >> > > Andrew >> > > >>
