Minor correction: only `SaslHandshake` was introduced in KIP-43.
`SaslAuthenticate` came later in KIP-152.

On Thu, Dec 7, 2023 at 3:18 PM Jason Gustafson <ja...@confluent.io> wrote:

> Hey Ismael,
>
> I'm considering if we can do something in this KIP for the SASL baggage
> we've accumulated. Prior to the existence of the `SaslHandshake` API, we
> supported the raw SASL protocol. The main gap was that it did not support
> negotiation of the SASL method. This was fixed in
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-43:+Kafka+SASL+enhancements
> where we added the `SaslHandshake` and `SaslAuthenticate`. This has been
> supported in the broker since 0.10.0 and, as far as I can tell, all major
> clients mentioned in the KIP support the `SaslHandshake` API. However, we
> still support fallback logic on the broker, effectively assuming GSSAPI if
> the initial request is not a Kafka request. Can we require SASL negotiation
> through `SaslHandshake` and drop support for this fallback logic?
>
> I also looked at `SaslAuthenticate`, which was added in
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-152+-+Improve+diagnostics+for+SASL+authentication+failures.
> Once method negotiation is complete using `SaslHandshake`, then we still
> support direct authentication using the SASL protocol (i.e. without the
> wrapped `SaslAuthenticate`).  It would be nice to drop this as well, but it
> looks like kafka-python may not implement it.
>
> Thanks,
> Jason
>
>
>
> On Fri, Nov 24, 2023 at 12:07 PM Ismael Juma <m...@ismaeljuma.com> wrote:
>
>> Hi all,
>>
>> I also vote +1.
>>
>> The vote passes with 4 binding +1s:
>>
>> 1. Colin McCabe
>> 2. Jun Rao
>> 3. Jose Sancio
>> 4. Ismael Juma
>>
>> Thanks,
>> Ismael
>>
>> On Tue, Nov 21, 2023 at 12:06 PM Ismael Juma <m...@ismaeljuma.com> wrote:
>>
>> > Hi all,
>> >
>> > I would like to start a vote on KIP-896. Please take a look and let us
>> > know what you think.
>> >
>> > Even though most of the changes in this KIP will be done for Apache Kafka
>> > 4.0, I would like to introduce a new metric and new request log attribute
>> > in Apache 3.7 to help users identify usage of deprecated protocol api
>> > versions.
>> >
>> > Link:
>> >
>> > https://cwiki.apache.org/confluence/display/KAFKA/KIP-896%3A+Remove+old+client+protocol+API+versions+in+Kafka+4.0
>> >
>> > Thanks,
>> > Ismael
>> >
>>
>
