[
https://issues.apache.org/jira/browse/KAFKA-4406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15670416#comment-15670416
]
Rajini Sivaram commented on KAFKA-4406:
---------------------------------------
Java security providers are used not just for cryptographic services, but for
any security service with a pluggable architecture. This includes SASL, which
is used by Kafka for authentication. And JCA provider is used in
`MessageDigest` as well, used in the broker even without SSL.
You are right that it is unlikely that anyone would want to replace an existing
SSL provider and provider names are configurable for SSL. But if you wanted to
use the same option to configure SASL providers, you might want to replace an
existing provider, which is looked up by SASL mechanism.
> Add support for custom Java Security Providers in configuration
> ---------------------------------------------------------------
>
> Key: KAFKA-4406
> URL: https://issues.apache.org/jira/browse/KAFKA-4406
> Project: Kafka
> Issue Type: Improvement
> Components: core
> Affects Versions: 0.10.0.1
> Reporter: Magnus Reftel
> Priority: Minor
>
> Currently, the only way to add a custom security provider is though adding a
> -Djava.security.properties=<filename> option to the command line, e.g. though
> KAFKA_OPTS. It would be more convenient if this could be done though the
> config file, like all the other SSL related options.
> I propose adding a new configuration option, ssl.provider.classes, which
> holds a list of names of security provider classes that will be loaded,
> instantiated, and added before creating SSL contexts.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
