[ https://issues.apache.org/jira/browse/KAFKA-2675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14971107#comment-14971107 ]
Sriharsha Chintalapani commented on KAFKA-2675: ----------------------------------------------- 1. Decide on `serviceName` configuration: do we want to keep it in two places? We should keep this in two places. Configuring serviceName in jaas file as been the way to go in all other projects. We only kept in two places because of IBM jdk. 3. Implement or remove SASL_KAFKA_SERVER_REALM config This is required on the client side. Its very common scenario where server/broker in one relam and clients are in another . In this case clients needs to configure the server realm. By default we use clients realm to connect to server. > SASL/Kerberos follow-up > ----------------------- > > Key: KAFKA-2675 > URL: https://issues.apache.org/jira/browse/KAFKA-2675 > Project: Kafka > Issue Type: Sub-task > Components: security > Reporter: Ismael Juma > Assignee: Ismael Juma > Fix For: 0.9.0.0 > > > This is a follow-up to KAFKA-1686. > 1. Decide on `serviceName` configuration: do we want to keep it in two places? > 2. auth.to.local config name is a bit opaque, is there a better one? > 3. Implement or remove SASL_KAFKA_SERVER_REALM config > 4. Consider making Login's thread a daemon thread > 5. Write test that shows authentication failure due to invalid user > 6. Write test that shows authentication failure due to wrong password > 7. Write test that shows authentication failure due ticket expiring -- This message was sent by Atlassian JIRA (v6.3.4#6332)