[
https://issues.apache.org/jira/browse/KAFKA-2675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14971271#comment-14971271
]
Ismael Juma commented on KAFKA-2675:
------------------------------------
Thanks [~harsha_ch].

You mentioned that many projects use `serviceName` in the JAAS file (even
though it's a non-standard JAAS config and causes the IBM JVM to fail). It
would be good if you could elaborate on this some more for our benefit.

ZooKeeper uses a system property (zookeeper.sasl.client.username) and there is
no mention of serviceName in the Hadoop Security book (which makes sense since
it doesn't use JAAS for configuration). I did see serviceName mentioned in the
HDP documentation for a few projects (including Kafka), but it wasn't clear to
me if this was an HDP enhancement or an upstream feature (it is an enhancement
for Kafka, of course).

Regarding SASL_KAFKA_SERVER_REALM, that makes sense. I think I know where this
needs to be changed and will include the change in the PR for this JIRA.
> SASL/Kerberos follow-up
> -----------------------
>
> Key: KAFKA-2675
> URL: https://issues.apache.org/jira/browse/KAFKA-2675
> Project: Kafka
> Issue Type: Sub-task
> Components: security
> Reporter: Ismael Juma
> Assignee: Ismael Juma
> Fix For: 0.9.0.0
>
>
> This is a follow-up to KAFKA-1686.
> 1. Decide on `serviceName` configuration: do we want to keep it in two places?
> 2. auth.to.local config name is a bit opaque, is there a better one?
> 3. Implement or remove SASL_KAFKA_SERVER_REALM config
> 4. Consider making Login's thread a daemon thread
> 5. Write test that shows authentication failure due to invalid user
> 6. Write test that shows authentication failure due to wrong password
> 7. Write test that shows authentication failure due to ticket expiring