Naresh created KAFKA-12807:
------------------------------
Summary: allow mTLS authorization based on different fields of
X509 certificate
Key: KAFKA-12807
URL: https://issues.apache.org/jira/browse/KAFKA-12807
Project: Kafka
Issue Type: Improvement
Reporter: Naresh
Builtin simple authorizer uses X500Principal to authorize the mTLS principals.
There are other fields like SAN (Subject Alternative Name), Serial.No can be
used to extend the certificate properties.
Adding authorization based on SAN would help break the dependency on the
CommonName in environments where CommonName is used with Autogenerated
hostnames at the same time use the certs to do client auth with the kafka
brokers.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
