Thanks everyone for the responses. I can do testing as well once it is available on trunk...potentially before with the custom fork as well. I did notice one thing when testing with the console-producer on the first put to a topic after connecting:
The Producer reported this warning to me: [2014-07-23 20:45:24,509] WARN Attempt to reinitialize auth context (kafka.network.security.SecureAuth$) and the broker gave me this: [2014-07-23 20:45:24,114] INFO begin ssl handshake for n5.example.com/192.168.1.144:48817//192.168.1.144:9092 (kafka.network.security.SSLSocketChannel) [2014-07-23 20:45:24,374] INFO finished ssl handshake for n5.example.com/192.168.1.144:48817//192.168.1.144:9092 (kafka.network.security.SSLSocketChannel) [2014-07-23 20:45:24,493] INFO Closing socket connection to n5.example.com/192.168.1.144. (kafka.network.Processor) [2014-07-23 20:45:24,555] INFO begin ssl handshake for n5.example.com/192.168.1.144:48818//192.168.1.144:9092 (kafka.network.security.SSLSocketChannel) [2014-07-23 20:45:24,566] INFO finished ssl handshake for n5.example.com/192.168.1.144:48818//192.168.1.144:9092 (kafka.network.security.SSLSocketChannel) It's like the producer did the SSL piece twice :) Subsequent puts to the topic did not exhibit this behavior though: root@n5[937]:~/kafka_2.10-0-8-2-0.1.0.0> bin/kafka-console-producer.sh --broker-list n5:9092 --secure --client.security.file config/client.security.properties --topic test [2014-07-23 20:45:17,530] WARN Property topic is not valid (kafka.utils. VerifiableProperties) 1 [2014-07-23 20:45:24,509] WARN Attempt to reinitialize auth context (kafka.network.security.SecureAuth$) 2 3 4 Probably something minor, but wanted to point it out! Chris On Fri, Jul 25, 2014 at 11:32 AM, Rajasekar Elango <rela...@salesforce.com> wrote: > Yes we are very much interested in getting this code merged to trunk. I can > also do testing once it's available on trunk. > > Thanks, > Raja. > > > On Fri, Jul 25, 2014 at 12:11 PM, Joe Stein <joe.st...@stealth.ly> wrote: > > > Hi Chris, glad to hear that even more folks are going to (want to) use > the > > feature. I didn't author the patch (Raja and Ivan did) and created the > > fork so folks could test it without much fuss. > > > > I just commented on the ticket to address Jun's last comment and think it > > also answers your question too. > > > > I know folks are using this now and other folks are looking to use it out > > of the core project. > > > > As long as it has a way to cause no harm when it is off I believe it > really > > adds to the value Kafka brings to a number of organizations that can't > use > > Kafka just because of this one thing. > > > > I am looking forward to being able to commit it to trunk. > > > > /******************************************* > > Joe Stein > > Founder, Principal Consultant > > Big Data Open Source Security LLC > > http://www.stealth.ly > > Twitter: @allthingshadoop <http://www.twitter.com/allthingshadoop> > > ********************************************/ > > > > > > On Fri, Jul 25, 2014 at 11:34 AM, Chris Neal <cwn...@gmail.com> wrote: > > > > > Hi guys, > > > > > > This JIRA (https://issues.apache.org/jira/browse/KAFKA-1477) leads me > to > > > believe that an authentication layer implementation is planned as part > of > > > the 0.8.2 release. I was wondering if this is still the case? > > > > > > There was an earlier thread talking about security, but there hasn't > been > > > activity on it in awhile. > > > > > > I grabbed Joe's fork and it works, but I was wondering about it getting > > > merged back into the official 0.8.2 codebase, or is this more likely > > > something that will be in 0.9? > > > > > > Thanks! > > > > > > > > > -- > Thanks, > Raja. >
