[
https://issues.apache.org/jira/browse/KAFKA-4636?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ismael Juma updated KAFKA-4636:
-------------------------------
Labels: kip (was: )
> Per listener security settings (KIP-103)
> ----------------------------------------
>
> Key: KAFKA-4636
> URL: https://issues.apache.org/jira/browse/KAFKA-4636
> Project: Kafka
> Issue Type: Bug
> Reporter: Ismael Juma
> Assignee: Ismael Juma
> Labels: kip
> Fix For: 0.10.2.0
>
>
> This is a follow-up to KAFKA-4565 where most of KIP-103 was implemented. I
> quote the missing bit from the KIP:
> "Finally, we make it possible to provide different security (SSL and SASL)
> settings for each listener name by adding a normalised prefix (the listener
> name is lowercased) to the config name. For example, if we wanted to set a
> different keystore for the CLIENT listener, we would set a config with name
> listener.name.client.ssl.keystore.location. If the config for the listener
> name is not set, we will fallback to the generic config (i.e.
> ssl.keystore.location) for compatibility and convenience. For the SASL case,
> some configs are provided via a JAAS file, which consists of one or more
> entries. The broker currently looks for an entry named KafkaServer. We will
> extend this so that the broker first looks for an entry with a lowercased
> listener name followed by a dot as a prefix to the existing name. For the
> CLIENT listener example, the broker would first look for client.KafkaServer
> with a fallback to KafkaServer, if necessary."
> KIP link for details:
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-103%3A+Separation+of+Internal+and+External+traffic
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
