Thank you. On Fri, 22 Jan 2016 at 08:39 Guozhang Wang <wangg...@gmail.com> wrote:
> Done. > > On Thu, Jan 21, 2016 at 12:38 AM, tao xiao <xiaotao...@gmail.com> wrote: > > > Hi Guozhang, > > > > Thanks for that. > > > > Can you please grant kevinth the write access too? He is my colleague and > > both of us work on this topic now. > > > > On Wed, 20 Jan 2016 at 14:55 Guozhang Wang <wangg...@gmail.com> wrote: > > > > > Tao, > > > > > > I have granted you the access. > > > > > > Guozhang > > > > > > > > > On Tue, Jan 19, 2016 at 7:56 PM, Connie Yang <cybercon...@gmail.com> > > > wrote: > > > > > > > @Ismael, what's the status of the SASL/PLAIN PR, > > > > https://github.com/apache/kafka/pull/341? > > > > > > > > > > > > > > > > On Tue, Jan 19, 2016 at 6:25 PM, tao xiao <xiaotao...@gmail.com> > > wrote: > > > > > > > > > The PR provides a new SASL mech but it doesn't provide a pluggable > > way > > > to > > > > > implement user's own logic to do authentication. So I don't think > the > > > PR > > > > > will meet my need. > > > > > > > > > > I will write a KIP to open the discussion. > > > > > > > > > > p.s. Ismael, can you grant me the permission to create a KIP in > Kafka > > > > > space? > > > > > > > > > > > > > > > On Wed, 20 Jan 2016 at 10:08 Ismael Juma <ism...@juma.me.uk> > wrote: > > > > > > > > > > > Hi Tao, > > > > > > > > > > > > The other way would be to implement a SASL provider: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://docs.oracle.com/javase/8/docs/technotes/guides/security/sasl/sasl-refguide.html#PROV > > > > > > > > > > > > This would still require Kafka to be changed, some of the changes > > are > > > > in > > > > > > the following PR: > > > > > > > > > > > > https://github.com/apache/kafka/pull/341 > > > > > > > > > > > > As per the discussion in the PR above, a KIP is also required. > > > > > > > > > > > > Ismael > > > > > > > > > > > > On Wed, Jan 20, 2016 at 1:48 AM, tao xiao <xiaotao...@gmail.com> > > > > wrote: > > > > > > > > > > > > > Hi Ismael, > > > > > > > > > > > > > > BTW looks like I don't have the permission to add a KIP in > Kafka > > > > space. > > > > > > Can > > > > > > > you please grant me the permission? > > > > > > > > > > > > > > On Wed, 20 Jan 2016 at 09:40 tao xiao <xiaotao...@gmail.com> > > > wrote: > > > > > > > > > > > > > > > Hi Ismael, > > > > > > > > > > > > > > > > Thank you for your reply. I am happy to have a writeup on > this. > > > > > > > > > > > > > > > > Can you think of any other ways to make security protocol > > > pluggable > > > > > > > > instead of extending ChannelBuilder? > > > > > > > > > > > > > > > > On Wed, 20 Jan 2016 at 02:14 Ismael Juma <ism...@juma.me.uk> > > > > wrote: > > > > > > > > > > > > > > > >> Hi Tao, > > > > > > > >> > > > > > > > >> As you say, security protocols are not currently pluggable. > > > > > > > >> `ChannelBuilder` is already an interface, but > > `SecurityProtocol` > > > > is > > > > > an > > > > > > > >> enum, which makes it hard for users to add additional > security > > > > > > > protocols. > > > > > > > >> Changing this would probably require a KIP: > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/Kafka+Improvement+Proposals > > > > > > > >> > > > > > > > >> Ismael > > > > > > > >> > > > > > > > >> On Mon, Jan 18, 2016 at 3:15 AM, tao xiao < > > xiaotao...@gmail.com > > > > > > > > > > wrote: > > > > > > > >> > > > > > > > >> > Hi Kafka team, > > > > > > > >> > > > > > > > > >> > I want to know if I can plug-in my own security protocol > to > > > > Kafka > > > > > to > > > > > > > >> > implement project specific authentication mechanism. The > > > current > > > > > > > >> supported > > > > > > > >> > authentication protocols, SASL/GSSAPI and SSL, are not > > > supported > > > > > in > > > > > > my > > > > > > > >> > company and we have own security protocol to do > > > authentication. > > > > > > > >> > > > > > > > > >> > Is it a good idea to make ChannelBuilder extensible so > that > > I > > > > can > > > > > > > >> implement > > > > > > > >> > it with my own security channel? > > > > > > > >> > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > -- Guozhang > > > > > > > > > -- > -- Guozhang >
