Thanks everyone for the responses.

I can do testing as well once it is available on trunk...potentially before
with the custom fork as well.  I did notice one thing when testing with the
console-producer on the first put to a topic after connecting:

The Producer reported this warning to me:

[2014-07-23 20:45:24,509] WARN Attempt to reinitialize auth context
(kafka.network.security.SecureAuth$)

and the broker gave me this:
[2014-07-23 20:45:24,114] INFO begin ssl handshake for
n5.example.com/192.168.1.144:48817//192.168.1.144:9092
 (kafka.network.security.SSLSocketChannel)
[2014-07-23 20:45:24,374] INFO finished ssl handshake for
n5.example.com/192.168.1.144:48817//192.168.1.144:9092
 (kafka.network.security.SSLSocketChannel)
[2014-07-23 20:45:24,493] INFO Closing socket connection to
n5.example.com/192.168.1.144. (kafka.network.Processor)
[2014-07-23 20:45:24,555] INFO begin ssl handshake for
n5.example.com/192.168.1.144:48818//192.168.1.144:9092
 (kafka.network.security.SSLSocketChannel)
[2014-07-23 20:45:24,566] INFO finished ssl handshake for
n5.example.com/192.168.1.144:48818//192.168.1.144:9092
 (kafka.network.security.SSLSocketChannel)

It's like the producer did the SSL piece twice :)

Subsequent puts to the topic did not exhibit this behavior though:

root@n5[937]:~/kafka_2.10-0-8-2-0.1.0.0> bin/kafka-console-producer.sh
--broker-list n5:9092 --secure --client.security.file
config/client.security.properties --topic test
[2014-07-23 20:45:17,530] WARN Property topic is not valid (kafka.utils.
VerifiableProperties)
1
[2014-07-23 20:45:24,509] WARN Attempt to reinitialize auth context
(kafka.network.security.SecureAuth$)
2
3
4

Probably something minor, but wanted to point it out!
Chris


On Fri, Jul 25, 2014 at 11:32 AM, Rajasekar Elango <rela...@salesforce.com>
wrote:

> Yes we are very much interested in getting this code merged to trunk. I can
> also do testing once it's available on trunk.
>
> Thanks,
> Raja.
>
>
> On Fri, Jul 25, 2014 at 12:11 PM, Joe Stein <joe.st...@stealth.ly> wrote:
>
> > Hi Chris, glad to hear that even more folks are going to (want to) use
> the
> > feature.  I didn't author the patch (Raja and Ivan did) and created the
> > fork so folks could test it without much fuss.
> >
> > I just commented on the ticket to address Jun's last comment and think it
> > also answers your question too.
> >
> > I know folks are using this now and other folks are looking to use it out
> > of the core project.
> >
> > As long as it has a way to cause no harm when it is off I believe it
> really
> > adds to the value Kafka brings to a number of organizations that can't
> use
> > Kafka just because of this one thing.
> >
> > I am looking forward to being able to commit it to trunk.
> >
> > /*******************************************
> >  Joe Stein
> >  Founder, Principal Consultant
> >  Big Data Open Source Security LLC
> >  http://www.stealth.ly
> >  Twitter: @allthingshadoop <http://www.twitter.com/allthingshadoop>
> > ********************************************/
> >
> >
> > On Fri, Jul 25, 2014 at 11:34 AM, Chris Neal <cwn...@gmail.com> wrote:
> >
> > > Hi guys,
> > >
> > > This JIRA (https://issues.apache.org/jira/browse/KAFKA-1477) leads me
> to
> > > believe that an authentication layer implementation is planned as part
> of
> > > the 0.8.2 release.  I was wondering if this is still the case?
> > >
> > > There was an earlier thread talking about security, but there hasn't
> been
> > > activity on it in awhile.
> > >
> > > I grabbed Joe's fork and it works, but I was wondering about it getting
> > > merged back into the official 0.8.2 codebase, or is this more likely
> > > something that will be in 0.9?
> > >
> > > Thanks!
> > >
> >
>
>
>
> --
> Thanks,
> Raja.
>

Reply via email to