Hi, Rajini, Thanks for the proposal. Looks good overall and seems quite useful (e.g. for supporting delegation tokens). A few comments/questions below.
1. For the ZK data format change, should we use the same convention as in KIP-55 to use encoded user name (i.e., /config/users/<encoded-user1>)? 2. For tooling, could you describe how user typically generates scam_server_key and scram_stored_key to be used by kafka-config.sh? 3. Is there a particular reason to only support sha1 and sha128? Should we support more hashes listed below in the future? http://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xhtml 4. Is there a reason not to cache user credentials in the broker? The dynamic config mechanism already supports loading configs into broker's cache. Checking credentials from broker's cache is more efficient than reading from ZK each time. 5. Typo "scram_iteration-4096" (= instead of -). Thanks, Jun On Tue, Oct 4, 2016 at 6:43 AM, Rajini Sivaram <rajinisiva...@googlemail.com > wrote: > Hi all, > > I have just created KIP-84 to add SCRAM-SHA-1 and SCRAM-SHA-256 SASL > mechanisms to Kafka: > > https://cwiki.apache.org/confluence/display/KAFKA/KIP- > 84%3A+Support+SASL+SCRAM+mechanisms > > > Comments and suggestions are welcome. > > Thank you... > > Regards, > > Rajini >
