[
https://issues.apache.org/jira/browse/KAFKA-4185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15497405#comment-15497405
]
ASF GitHub Bot commented on KAFKA-4185:
---------------------------------------
GitHub user piyushvijay opened a pull request:
https://github.com/apache/kafka/pull/1870
[KAFKA-4185] Abstract out password verifier in SaslServer as an injec…
…table dependency
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/piyushvijay/kafka passwordVerifier
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/kafka/pull/1870.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1870
----
commit cf5fc56d159a475329654fb277140d7c106d32ef
Author: Piyush Vijay <[email protected]>
Date: 2016-09-16T21:16:59Z
[KAFKA-4185] Abstract out password verifier in SaslServer as an injectable
dependency
----
> Abstract out password verifier in SaslServer as an injectable dependency
> ------------------------------------------------------------------------
>
> Key: KAFKA-4185
> URL: https://issues.apache.org/jira/browse/KAFKA-4185
> Project: Kafka
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.10.0.1
> Reporter: Piyush Vijay
> Fix For: 0.10.0.2
>
>
> Kafka comes with a default SASL/PLAIN implementation which assumes that
> username and password are present in a JAAS
> config file. People often want to use some other way to provide username and
> password to SaslServer. Their best bet,
> currently, is to have their own implementation of SaslServer (which would be,
> in most cases, a copied version of PlainSaslServer
> minus the logic where password verification happens). This is not ideal.
> We believe that there exists a better way to structure the current
> PlainSaslServer implementation which makes it very
> easy for people to plug-in their custom password verifier without having to
> rewrite SaslServer or copy any code.
> The idea is to have an injectable dependency interface PasswordVerifier which
> can be re-implemented based on the
> requirements. There would be no need to re-implement or extend
> PlainSaslServer class.
> Note that this is commonly asked feature and there have been some attempts in
> the past to solve this problem:
> https://github.com/apache/kafka/pull/1350
> https://github.com/apache/kafka/pull/1770
> https://issues.apache.org/jira/browse/KAFKA-2629
> https://issues.apache.org/jira/browse/KAFKA-3679
> We believe that this proposed solution does not have the demerits because of
> previous proposals were rejected.
> I would be happy to discuss more.
> Please find the link to the PR in the comments.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)