[ https://issues.apache.org/jira/browse/KAFKA-1683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14693676#comment-14693676 ]
Eugene Miretsky edited comment on KAFKA-1683 at 8/12/15 3:40 PM: ----------------------------------------------------------------- My apologies, poorly worded question. Basically was asking where the user/client identity in the session will come from - 1-way SSL (KAFKA-1690) doesn't authenticate the client. I think that KAFKA-1686 will solve it - Kerberos support will allow authenticating as a specific user, and storing the user identity in a session for later authorization. was (Author: emiretsk): My apologies, poorly worded question. Basically was asking where the user identity in the session will come from - 1-way SSL doesn't authenticate the client. I think that KAFKA-1686 will solve it - Kerberos support will allow authenticating as a specific user, and storing the user identity in a session for later authorization. > Implement a "session" concept in the socket server > -------------------------------------------------- > > Key: KAFKA-1683 > URL: https://issues.apache.org/jira/browse/KAFKA-1683 > Project: Kafka > Issue Type: Sub-task > Components: security > Affects Versions: 0.9.0 > Reporter: Jay Kreps > Assignee: Gwen Shapira > Fix For: 0.8.3 > > Attachments: KAFKA-1683.patch, KAFKA-1683.patch > > > To implement authentication we need a way to keep track of some things > between requests. The initial use for this would be remembering the > authenticated user/principle info, but likely more uses would come up (for > example we will also need to remember whether and which encryption or > integrity measures are in place on the socket so we can wrap and unwrap > writes and reads). > I was thinking we could just add a Session object that might have a user > field. The session object would need to get added to RequestChannel.Request > so it is passed down to the API layer with each request. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
