[ https://issues.apache.org/jira/browse/KAFKA-18627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chia-Ping Tsai resolved KAFKA-18627.
------------------------------------
    Resolution: Fixed

> add allowed modules to JaasUtils
> --------------------------------
>
>                 Key: KAFKA-18627
>                 URL: https://issues.apache.org/jira/browse/KAFKA-18627
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Chia-Ping Tsai
>            Assignee: xuanzhang gong
>            Priority: Major
>              Labels: need-kip
>             Fix For: 4.2.0
>
>
> Currently, we allow all login modules except for those explicitly listed in
> {{org.apache.kafka.disallowed.login.modules}}. This approach presents a
> security risk: new and potentially insecure login modules may emerge over
> time. To mitigate this, we should consider adding
> {{org.apache.kafka.allowed.login.modules}} to explicitly list all built-in
> login modules and reject any other modules not included in this list.
> (optional) we can deprecate `org.apache.kafka.disallowed.login.modules` and
> print a warning message when users explicitly define it.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
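
The two policies described in the issue, as an added Java example that is not Kafka's code or the fix that was merged: it extracts the login module class from each entry of a JAAS configuration string and shows that a module on neither list passes a denylist check but fails an allowlist check. The class `LoginModuleCheck`, the parser, the contents of both lists, and `com.example.UnvettedLoginModule` are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.*;

public class LoginModuleCheck {
    // Constructed sample lists for illustration; not Kafka's actual defaults.
    static final Set<String> DISALLOWED = Set.of(
        "com.sun.security.auth.module.JndiLoginModule");
    static final Set<String> ALLOWED = Set.of(
        "org.apache.kafka.common.security.plain.PlainLoginModule",
        "org.apache.kafka.common.security.scram.ScramLoginModule");

    // One JAAS entry: <module class> <control flag> [key="value" ...];
    // Quoted option values are consumed whole so a ';' inside one does not end the entry.
    static final Pattern ENTRY = Pattern.compile(
        "([\\w.$]+)\\s+(?:required|requisite|sufficient|optional)\\b"
        + "(?:[^;\"]|\"(?:\\\\.|[^\"\\\\])*\")*;");

    // Returns the login module class named by each entry in the config string.
    static List<String> modules(String jaasConfig) {
        List<String> found = new ArrayList<>();
        Matcher m = ENTRY.matcher(jaasConfig);
        while (m.find()) found.add(m.group(1));
        return found;
    }

    // Denylist policy: anything not explicitly listed is accepted.
    static boolean passesDenylist(String jaasConfig) {
        List<String> mods = modules(jaasConfig);
        return !mods.isEmpty() && mods.stream().noneMatch(DISALLOWED::contains);
    }

    // Allowlist policy: every module must be listed, so unknown modules fail closed.
    static boolean passesAllowlist(String jaasConfig) {
        List<String> mods = modules(jaasConfig);
        return !mods.isEmpty() && ALLOWED.containsAll(mods);
    }

    public static void main(String[] args) {
        String[] samples = {  // constructed inputs
            "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"alice\" password=\"a;b\";",
            "com.sun.security.auth.module.JndiLoginModule required;",
            "com.example.UnvettedLoginModule required debug=\"true\";"  // hypothetical class
        };
        for (String s : samples)
            System.out.printf("%s -> denylist accepts: %b, allowlist accepts: %b%n",
                modules(s), passesDenylist(s), passesAllowlist(s));
    }
}
```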