[jira] [Commented] (KAFKA-3166) Disable SSL client authentication for SASL_SSL security protocol

Thu, 28 Jan 2016 12:19:17 -0800 

    [ 
https://issues.apache.org/jira/browse/KAFKA-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15122259#comment-15122259
 ] 

ASF GitHub Bot commented on KAFKA-3166:
---------------------------------------

GitHub user ijuma opened a pull request:

    https://github.com/apache/kafka/pull/827

    KAFKA-3166; Disable SSL client authentication for SASL_SSL security protocol

    Also:
    
    * Fixed a bug in `createSslConfig` where we were always generating a
    keystore even if `useClientCert` was false and `mode` was `Mode.CLIENT``.
    * Pass `numRecords` to `consumerRecords` and other clean-ups (formatting 
and scaladoc).


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ijuma/kafka 
kafka-3166-disable-ssl-auth-sasl-ssl

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/827.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #827
    
----
commit a73db892c96e333bd1942655014bd34662522c39
Author: Ismael Juma <[email protected]>
Date:   2016-01-28T19:51:14Z

    SSL client authentication should be disabled for SASL_SSL security protocol
    
    Also fixed a bug in `createSslConfig` where we were always generating a
    keystore even if `useClientCert` was false and `mode` was `Mode.CLIENT``.

commit 82652211f7de1191df9f955809cf35671e0b38c8
Author: Ismael Juma <[email protected]>
Date:   2016-01-28T19:56:46Z

    Pass `numRecords` to `consumerRecords` and clean-ups.

----


> Disable SSL client authentication for SASL_SSL security protocol
> ----------------------------------------------------------------
>
>                 Key: KAFKA-3166
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3166
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.9.0.0
>            Reporter: Ismael Juma
>            Assignee: Ismael Juma
>
> A useful scenario is for a broker to require clients to authenticate either 
> via SSL or via SASL (with SASL_SSL security protocol). With the current code, 
> this is not possible to achieve. If we set `ssl.client.auth` to `required`, 
> then it will be required for both SSL and SASL.
> I suggest we hardcode `ssl.client.auth` to `none` for the `SASL_SSL` case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to