[
https://issues.apache.org/jira/browse/KAFKA-1686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14196392#comment-14196392
]
Jun Rao commented on KAFKA-1686:
--------------------------------
Another question that I have is on the authentication of the followers. Each
broker potentially needs to replicate messages from all other brokers and need
the read access to all topics. Do we need to create a user for every broker and
manually grant it the readALL permission before the broker can be added to a
Kafka cluster? That may not be very convenient. Another way is to let all
follower fetch request pass through w/o checking permissions at all.
> Implement SASL/Kerberos
> -----------------------
>
> Key: KAFKA-1686
> URL: https://issues.apache.org/jira/browse/KAFKA-1686
> Project: Kafka
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.9.0
> Reporter: Jay Kreps
> Assignee: Sriharsha Chintalapani
> Fix For: 0.9.0
>
>
> Implement SASL/Kerberos authentication.
> To do this we will need to introduce a new SASLRequest and SASLResponse pair
> to the client protocol. This request and response will each have only a
> single byte[] field and will be used to handle the SASL challenge/response
> cycle. Doing this will initialize the SaslServer instance and associate it
> with the session in a manner similar to KAFKA-1684.
> When using integrity or encryption mechanisms with SASL we will need to wrap
> and unwrap bytes as in KAFKA-1684 so the same interface that covers the
> SSLEngine will need to also cover the SaslServer instance.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
