[ https://issues.apache.org/jira/browse/KAFKA-4636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15829891#comment-15829891 ]
ASF GitHub Bot commented on KAFKA-4636:
---------------------------------------

GitHub user ijuma opened a pull request:

    https://github.com/apache/kafka/pull/2406

    KAFKA-4636; Per listener security settings overrides (WIP)

    Additional tests need to be added and an important FIXME needs to be fixed in `PlainSaslServer`.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ijuma/kafka kafka-4636-per-listener-security-settings

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/2406.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2406

----
commit f2db2a43862da6bde3c9ece0493240540fabe913
Author: Ismael Juma <ism...@juma.me.uk>
Date:   2017-01-19T13:10:30Z

    KAFKA-4636; Per listener security settings overrides

----

> Per listener security setting overrides (KIP-103)
> -------------------------------------------------
>
>                 Key: KAFKA-4636
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4636
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Ismael Juma
>            Assignee: Ismael Juma
>              Labels: kip
>             Fix For: 0.10.2.0
>
>
> This is a follow-up to KAFKA-4565 where most of KIP-103 was implemented. I
> quote the missing bit from the KIP:
> "Finally, we make it possible to provide different security (SSL and SASL)
> settings for each listener name by adding a normalised prefix (the listener
> name is lowercased) to the config name. For example, if we wanted to set a
> different keystore for the CLIENT listener, we would set a config with name
> listener.name.client.ssl.keystore.location. If the config for the listener
> name is not set, we will fallback to the generic config (i.e.
> ssl.keystore.location) for compatibility and convenience. For the SASL case,
> some configs are provided via a JAAS file, which consists of one or more
> entries. The broker currently looks for an entry named KafkaServer. We will
> extend this so that the broker first looks for an entry with a lowercased
> listener name followed by a dot as a prefix to the existing name. For the
> CLIENT listener example, the broker would first look for client.KafkaServer
> with a fallback to KafkaServer, if necessary."
> KIP link for details:
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-103%3A+Separation+of+Internal+and+External+traffic

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
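
The lookup order quoted from the KIP above can be checked against a broker's configuration before deployment, so that a listener silently falling back to the generic keystore or JAAS entry is visible. The following is an added example, not code from the pull request or from Kafka: the sample properties, file paths and JAAS entry set are constructed, the helper names are hypothetical, and listener names are assumed to come from the broker's `listeners` setting.

```python
# Constructed sample broker config (not from the original message).
SAMPLE_PROPERTIES = """
listeners=CLIENT://:9093,INTERNAL://:9092
ssl.keystore.location=/etc/kafka/generic.jks
listener.name.client.ssl.keystore.location=/etc/kafka/client.jks
"""
# Constructed set of entry names found in a JAAS file.
SAMPLE_JAAS_ENTRIES = {"KafkaServer", "client.KafkaServer"}

def parse_properties(text):
    """Parse simple key=value lines (a simplification of Java properties)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def listener_names(props):
    """Listener names are the part before '://' in each 'listeners' entry."""
    entries = props.get("listeners", "").split(",")
    return [e.split("://", 1)[0].strip() for e in entries if e.strip()]

def resolve(props, listener, name):
    """Return (value, key used): the prefixed key first, then the generic one."""
    prefixed = f"listener.name.{listener.lower()}.{name}"
    for key in (prefixed, name):
        if key in props:
            return props[key], key
    return None, None

def resolve_jaas_entry(entries, listener, base="KafkaServer"):
    """Return '<lowercased listener>.KafkaServer' if present, else 'KafkaServer'."""
    prefixed = f"{listener.lower()}.{base}"
    if prefixed in entries:
        return prefixed
    return base if base in entries else None

def audit(props, jaas_entries, names):
    """Map each listener to the config key and JAAS entry it would actually use."""
    report = {}
    for listener in listener_names(props):
        report[listener] = {n: resolve(props, listener, n)[1] for n in names}
        report[listener]["jaas"] = resolve_jaas_entry(jaas_entries, listener)
    return report

if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    for name, used in audit(props, SAMPLE_JAAS_ENTRIES, ["ssl.keystore.location"]).items():
        print(name, used)
```

A listener whose reported key lacks the `listener.name.` prefix, or whose JAAS entry is plain `KafkaServer`, is running on the shared generic settings.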