The PR provides a new SASL mech but it doesn't provide a pluggable way to implement user's own logic to do authentication. So I don't think the PR will meet my need.
I will write a KIP to open the discussion. p.s. Ismael, can you grant me the permission to create a KIP in Kafka space? On Wed, 20 Jan 2016 at 10:08 Ismael Juma <ism...@juma.me.uk> wrote: > Hi Tao, > > The other way would be to implement a SASL provider: > > > https://docs.oracle.com/javase/8/docs/technotes/guides/security/sasl/sasl-refguide.html#PROV > > This would still require Kafka to be changed, some of the changes are in > the following PR: > > https://github.com/apache/kafka/pull/341 > > As per the discussion in the PR above, a KIP is also required. > > Ismael > > On Wed, Jan 20, 2016 at 1:48 AM, tao xiao <xiaotao...@gmail.com> wrote: > > > Hi Ismael, > > > > BTW looks like I don't have the permission to add a KIP in Kafka space. > Can > > you please grant me the permission? > > > > On Wed, 20 Jan 2016 at 09:40 tao xiao <xiaotao...@gmail.com> wrote: > > > > > Hi Ismael, > > > > > > Thank you for your reply. I am happy to have a writeup on this. > > > > > > Can you think of any other ways to make security protocol pluggable > > > instead of extending ChannelBuilder? > > > > > > On Wed, 20 Jan 2016 at 02:14 Ismael Juma <ism...@juma.me.uk> wrote: > > > > > >> Hi Tao, > > >> > > >> As you say, security protocols are not currently pluggable. > > >> `ChannelBuilder` is already an interface, but `SecurityProtocol` is an > > >> enum, which makes it hard for users to add additional security > > protocols. > > >> Changing this would probably require a KIP: > > >> > > >> > > >> > > > https://cwiki.apache.org/confluence/display/KAFKA/Kafka+Improvement+Proposals > > >> > > >> Ismael > > >> > > >> On Mon, Jan 18, 2016 at 3:15 AM, tao xiao <xiaotao...@gmail.com> > wrote: > > >> > > >> > Hi Kafka team, > > >> > > > >> > I want to know if I can plug-in my own security protocol to Kafka to > > >> > implement project specific authentication mechanism. The current > > >> supported > > >> > authentication protocols, SASL/GSSAPI and SSL, are not supported in > my > > >> > company and we have own security protocol to do authentication. > > >> > > > >> > Is it a good idea to make ChannelBuilder extensible so that I can > > >> implement > > >> > it with my own security channel? > > >> > > > >> > > > > > >
