[ https://issues.apache.org/jira/browse/KAFKA-1686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14194618#comment-14194618 ]
Sriharsha Chintalapani commented on KAFKA-1686: ----------------------------------------------- Hi [~gwenshap] sorry for the late reply. I haven't started on this JIRA and probably for another week atleast I won't be able to work on it. " It looks like the first step must be to authenticate Kafka broker itself with Kerberos". Yes this can be a separate piece and make it into its own JIRA. I'll look into KAFKA-1684 and update the JIRA soon with implementation details. > Implement SASL/Kerberos > ----------------------- > > Key: KAFKA-1686 > URL: https://issues.apache.org/jira/browse/KAFKA-1686 > Project: Kafka > Issue Type: Sub-task > Components: security > Affects Versions: 0.9.0 > Reporter: Jay Kreps > Assignee: Sriharsha Chintalapani > Fix For: 0.9.0 > > > Implement SASL/Kerberos authentication. > To do this we will need to introduce a new SASLRequest and SASLResponse pair > to the client protocol. This request and response will each have only a > single byte[] field and will be used to handle the SASL challenge/response > cycle. Doing this will initialize the SaslServer instance and associate it > with the session in a manner similar to KAFKA-1684. > When using integrity or encryption mechanisms with SASL we will need to wrap > and unwrap bytes as in KAFKA-1684 so the same interface that covers the > SSLEngine will need to also cover the SaslServer instance. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
