Hi Guozhang, Thanks for that.
Can you please grant kevinth the write access too? He is my colleague and both of us work on this topic now. On Wed, 20 Jan 2016 at 14:55 Guozhang Wang <wangg...@gmail.com> wrote: > Tao, > > I have granted you the access. > > Guozhang > > > On Tue, Jan 19, 2016 at 7:56 PM, Connie Yang <cybercon...@gmail.com> > wrote: > > > @Ismael, what's the status of the SASL/PLAIN PR, > > https://github.com/apache/kafka/pull/341? > > > > > > > > On Tue, Jan 19, 2016 at 6:25 PM, tao xiao <xiaotao...@gmail.com> wrote: > > > > > The PR provides a new SASL mech but it doesn't provide a pluggable way > to > > > implement user's own logic to do authentication. So I don't think the > PR > > > will meet my need. > > > > > > I will write a KIP to open the discussion. > > > > > > p.s. Ismael, can you grant me the permission to create a KIP in Kafka > > > space? > > > > > > > > > On Wed, 20 Jan 2016 at 10:08 Ismael Juma <ism...@juma.me.uk> wrote: > > > > > > > Hi Tao, > > > > > > > > The other way would be to implement a SASL provider: > > > > > > > > > > > > > > > > > > https://docs.oracle.com/javase/8/docs/technotes/guides/security/sasl/sasl-refguide.html#PROV > > > > > > > > This would still require Kafka to be changed, some of the changes are > > in > > > > the following PR: > > > > > > > > https://github.com/apache/kafka/pull/341 > > > > > > > > As per the discussion in the PR above, a KIP is also required. > > > > > > > > Ismael > > > > > > > > On Wed, Jan 20, 2016 at 1:48 AM, tao xiao <xiaotao...@gmail.com> > > wrote: > > > > > > > > > Hi Ismael, > > > > > > > > > > BTW looks like I don't have the permission to add a KIP in Kafka > > space. > > > > Can > > > > > you please grant me the permission? > > > > > > > > > > On Wed, 20 Jan 2016 at 09:40 tao xiao <xiaotao...@gmail.com> > wrote: > > > > > > > > > > > Hi Ismael, > > > > > > > > > > > > Thank you for your reply. I am happy to have a writeup on this. > > > > > > > > > > > > Can you think of any other ways to make security protocol > pluggable > > > > > > instead of extending ChannelBuilder? > > > > > > > > > > > > On Wed, 20 Jan 2016 at 02:14 Ismael Juma <ism...@juma.me.uk> > > wrote: > > > > > > > > > > > >> Hi Tao, > > > > > >> > > > > > >> As you say, security protocols are not currently pluggable. > > > > > >> `ChannelBuilder` is already an interface, but `SecurityProtocol` > > is > > > an > > > > > >> enum, which makes it hard for users to add additional security > > > > > protocols. > > > > > >> Changing this would probably require a KIP: > > > > > >> > > > > > >> > > > > > >> > > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/Kafka+Improvement+Proposals > > > > > >> > > > > > >> Ismael > > > > > >> > > > > > >> On Mon, Jan 18, 2016 at 3:15 AM, tao xiao <xiaotao...@gmail.com > > > > > > wrote: > > > > > >> > > > > > >> > Hi Kafka team, > > > > > >> > > > > > > >> > I want to know if I can plug-in my own security protocol to > > Kafka > > > to > > > > > >> > implement project specific authentication mechanism. The > current > > > > > >> supported > > > > > >> > authentication protocols, SASL/GSSAPI and SSL, are not > supported > > > in > > > > my > > > > > >> > company and we have own security protocol to do > authentication. > > > > > >> > > > > > > >> > Is it a good idea to make ChannelBuilder extensible so that I > > can > > > > > >> implement > > > > > >> > it with my own security channel? > > > > > >> > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > -- > -- Guozhang >
