[ https://issues.apache.org/jira/browse/KAFKA-2675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14971271#comment-14971271 ]

Ismael Juma commented on KAFKA-2675:
------------------------------------

Thanks [~harsha_ch].

You mentioned that many projects use `serviceName` in the JAAS file (even 
though it's a non-standard JAAS config and causes the IBM JVM to fail). It 
would be good if you could elaborate on this some more for our benefit. 
ZooKeeper uses a system property (zookeeper.sasl.client.username) and there is 
no mention of serviceName in the Hadoop Security book (which makes sense since 
it doesn't use JAAS for configuration). I did see serviceName mentioned in the 
HDP documentation for a few projects (including Kafka), but it wasn't clear to 
me if this was an HDP enhancement or an upstream feature (it is an enhancement 
for Kafka, of course).

Regarding SASL_KAFKA_SERVER_REALM, that makes sense. I think I know where this 
needs to be changed and will include the change in the PR for this JIRA.

> SASL/Kerberos follow-up
> -----------------------
>
>                 Key: KAFKA-2675
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2675
>             Project: Kafka
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Ismael Juma
>            Assignee: Ismael Juma
>             Fix For: 0.9.0.0
>
>
> This is a follow-up to KAFKA-1686. 
> 1. Decide on `serviceName` configuration: do we want to keep it in two places?
> 2. auth.to.local config name is a bit opaque, is there a better one?
> 3. Implement or remove SASL_KAFKA_SERVER_REALM config
> 4. Consider making Login's thread a daemon thread
> 5. Write test that shows authentication failure due to invalid user
> 6. Write test that shows authentication failure due to wrong password
> 7. Write test that shows authentication failure due to ticket expiring


