[
https://issues.apache.org/jira/browse/KAFKA-14881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17709371#comment-17709371
]
Proven Provenzano edited comment on KAFKA-14881 at 4/6/23 1:10 PM:
-------------------------------------------------------------------
[PR-13513|https://github.com/apache/kafka/pull/13513]is available for review
was (Author: JIRAUSER298332):
[PR-13513|[https://github.com/apache/kafka/pull/13513]]is available for review
> Update UserScramCredentialRecord for SCRAM ZK to KRaft migration
> ----------------------------------------------------------------
>
> Key: KAFKA-14881
> URL: https://issues.apache.org/jira/browse/KAFKA-14881
> Project: Kafka
> Issue Type: Improvement
> Components: kraft
> Affects Versions: 3.5.0
> Reporter: Proven Provenzano
> Assignee: Proven Provenzano
> Priority: Major
> Fix For: 3.5.0
>
>
> I want to support ZK to KRaft migration.
> ZK stores a storedKey and a serverKey for each SCRAM credential not the
> saltedPassword.
> The storedKey and serverKey are a crypto hash of some data with the
> saltedPassword and it is not possible to extract the saltedPassword from them.
> The serverKey and storedKey are enough for SCRAM authentication and
> saltedPassword is not needed.
> I will update the UserScramCredentialRecord to store serverKey and storedKey
> instead of saltedPassword and I will update that SCRAM is only supported with
> a bumped version of IBP_3_5 so that there are no compatibility issues.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
