[ https://issues.apache.org/jira/browse/KAFKA-2675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14971271#comment-14971271 ]
Ismael Juma commented on KAFKA-2675:
------------------------------------

Thanks [~harsha_ch]. You mentioned that many projects use `serviceName` in the JAAS file (even though it's a non-standard JAAS config and causes the IBM JVM to fail). It would be good if you could elaborate on this some more for our benefit. ZooKeeper uses a system property (zookeeper.sasl.client.username) and there is no mention of serviceName in the Hadoop Security book (which makes sense since it doesn't use JAAS for configuration). I did see serviceName mentioned in the HDP documentation for a few projects (including Kafka), but it wasn't clear to me if this was an HDP enhancement or an upstream feature (it is an enhancement for Kafka, of course).

Regarding SASL_KAFKA_SERVER_REALM, that makes sense. I think I know where this needs to be changed and will include the change in the PR for this JIRA.

> SASL/Kerberos follow-up
> -----------------------
>
> Key: KAFKA-2675
> URL: https://issues.apache.org/jira/browse/KAFKA-2675
> Project: Kafka
> Issue Type: Sub-task
> Components: security
> Reporter: Ismael Juma
> Assignee: Ismael Juma
> Fix For: 0.9.0.0
>
>
> This is a follow-up to KAFKA-1686.
> 1. Decide on `serviceName` configuration: do we want to keep it in two places?
> 2. auth.to.local config name is a bit opaque, is there a better one?
> 3. Implement or remove SASL_KAFKA_SERVER_REALM config
> 4. Consider making Login's thread a daemon thread
> 5. Write test that shows authentication failure due to invalid user
> 6. Write test that shows authentication failure due to wrong password
> 7. Write test that shows authentication failure due to ticket expiring