SASL itself can provide pluggable authentication , why not extend there. There is also proposal for SASL/PLAIN which does extend the current authentication options. I think thats what Rajini is also talking about. -Harsha
On Tue, Jan 26, 2016, at 01:56 AM, tao xiao wrote: > Hi Rajini, > > I think I need to rephrase some of the wordings in the KIP. I meant to > provide a customized security protocol which may/may not include SSL > underneath. With CUSTOMIZED security protocol users have the ability to > plugin both authentication and security communication components. > > > On Tue, 26 Jan 2016 at 17:45 Rajini Sivaram > <rajinisiva...@googlemail.com> > wrote: > > > Hi Tao, > > > > I have a couple of questions: > > > > 1. Is there a reason why you wouldn't want to implement a custom SASL > > mechanism to use your authentication mechanism? SASL itself aims to > > provide > > pluggable authentication mechanisms. > > 2. The KIP suggests that you are interested in plugging in a custom > > authenticator, but not a custom transport layer. If that is the case, > > maybe > > you need CUSTOM_PLAINTEXT and CUSTOM_SSL for consistency with the other > > security protocols (which are a combination of transport layer protocol > > and > > authentication protocol)? > > > > > > Regards, > > > > Rajini > > > > On Tue, Jan 26, 2016 at 6:58 AM, tao xiao <xiaotao...@gmail.com> wrote: > > > > > > > HI Kafka developers, > > > > > > I raised a KIP-44, allow a customized security protocol, for discussion. > > > The goal of this KIP to enable a customized security protocol where users > > > can plugin their own implementation. > > > > > > Feedback is welcomed > > > > > > > >
