[
https://issues.apache.org/jira/browse/KAFKA-1686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14964807#comment-14964807
]
ASF GitHub Bot commented on KAFKA-1686:
---------------------------------------
GitHub user ijuma opened a pull request:
https://github.com/apache/kafka/pull/334
KAFKA-1686; Implement SASL/Kerberos
This PR implements SASL/Kerberos which was originally submitted by
@harshach as https://github.com/apache/kafka/pull/191.
I've been submitting PRs to Harsha's branch with fixes and improvements and
he has integrated all, but the most recent one. I'm creating this PR so that
the Jenkins can run the tests on the branch (they pass locally).
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ijuma/kafka KAFKA-1686-V1
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/kafka/pull/334.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #334
----
commit 82737e5bb71f67271d90c059dede74935f8a5e56
Author: Sriharsha Chintalapani <[email protected]>
Date: 2015-08-31T23:07:15Z
KAFKA-1686. Implement SASL/Kerberos.
commit a3417d7f2c558c0082799b117a3c62c706ad519d
Author: Sriharsha Chintalapani <[email protected]>
Date: 2015-09-03T03:31:34Z
KAFKA-1686. Implement SASL/Kerberos.
commit 8f718ce6b03a9c86712dc8f960af2b739b8ed510
Author: Sriharsha Chintalapani <[email protected]>
Date: 2015-09-03T04:10:40Z
KAFKA-1686. Implement SASL/Kerberos.
commit aa928952305a31c5b6e2bac705d350f94c9f7501
Author: Sriharsha Chintalapani <[email protected]>
Date: 2015-09-03T13:48:47Z
Added licesense.
commit f178107b516af414162634fc7253cedd2a6a3bf5
Author: Sriharsha Chintalapani <[email protected]>
Date: 2015-09-03T13:57:57Z
KAFKA-1686. Implement SASL/Kerberos.
commit 71b6fdbc841cffd5279eb2044c4da69acc172626
Author: Sriharsha Chintalapani <[email protected]>
Date: 2015-10-03T23:09:23Z
Merge remote-tracking branch 'refs/remotes/origin/trunk' into KAFKA-1686-V1
commit 9d260c67472296d752f74bc04eefb1e95b6b9746
Author: Sriharsha Chintalapani <[email protected]>
Date: 2015-10-04T18:36:52Z
KAFKA-1686. Fixes after the merge.
commit 5723dd2a392a307cfd6484c1f3f7c32cc8891940
Author: Sriharsha Chintalapani <[email protected]>
Date: 2015-10-09T06:43:51Z
KAFKA-1686. Addressing comments.
commit 8cf30d0b3a0aefa08cb9d86d59f0f16d810d7481
Author: Ismael Juma <[email protected]>
Date: 2015-10-09T07:36:19Z
Merge remote-tracking branch 'apache/trunk' into KAFKA-1686-V1
* apache/trunk:
KAFKA-2596: reject commits from unknown groups with positive generations
MINOR: typing ProcessorDef
KAFKA-2477: Fix a race condition between log append and fetch that causes
OffsetOutOfRangeException.
KAFKA-2428: Add sanity check in KafkaConsumer for the timeouts
Kafka-2587: Only notification handler will update the cache and all
verifications will use waitUntilTrue.
KAFKA-2419; Garbage collect unused sensors
KAFKA-2534: Fixes and unit tests for SSLTransportLayer buffer overflow
KAFKA-2476: Add Decimal, Date, and Timestamp logical types.
KAFKA-2474: Add caching of JSON schema conversions to JsonConverter
KAFKA-2482: Allow sink tasks to get their current assignment, as well as
pause and resume topic partitions.
KAFKA-2573: Mirror maker system test hangs and eventually fails
KAFKA-2599: Fix Metadata.getClusterForCurrentTopics throws NPE
TRIVIAL: remove TODO in KafkaConsumer after KAFKA-2120
HOTFIX: Persistent store in ProcessorStateManagerTest
KAFKA-2604; Remove `completeAll` and improve timeout passed to
`Selector.poll` from `NetworkClient.poll`
KAFKA-2601; ConsoleProducer tool shows stacktrace on invalid command
parameters
commit 2596c4a668f7095f4cfce36b34504c50f4603631
Author: Ismael Juma <[email protected]>
Date: 2015-10-09T12:21:05Z
Remove unused code, fix formatting and minor javadoc tweaks
commit 2919bc3ae474b3e27ca5cb0c75e4cff0fee9ca93
Author: Ismael Juma <[email protected]>
Date: 2015-10-09T12:23:17Z
Fix bad merge in `TestUtils`
commit 9ed1a2635d97c290e42b723ce8db2bf60c1c6440
Author: Ismael Juma <[email protected]>
Date: 2015-10-09T12:23:46Z
Remove -XX:-MaxFDLimit from `gradle.properties`
commit 2d2fcecb7bda62519d36d4f71a955cf55c8bbd2a
Author: Ismael Juma <[email protected]>
Date: 2015-10-09T12:36:06Z
Support `SSLSASL` in `ChannelBuilders`, reduce duplication in `TestUtils`
and clean-up `SaslTestHarness`
commit 6a13667232c2946ed92fdebcb467f27d6adf075f
Author: Harsha <[email protected]>
Date: 2015-10-09T14:16:30Z
Merge pull request #1 from ijuma/KAFKA-1686-V1
Merge trunk and a few improvements and fixes
commit 32ab6f468505edf10be686905019c4d202663f72
Author: Sriharsha Chintalapani <[email protected]>
Date: 2015-10-09T22:21:26Z
KAFKA-1686. Added SaslConsumerTest, fixed a bug in SecurityProtocol.
commit 58064b46a7ddbb7d2293e33c7b66c35f76043588
Author: Sriharsha Chintalapani <[email protected]>
Date: 2015-10-09T22:33:11Z
KAFKA-1686. removing unnecessary logs.
commit dc05e079cbbdbcc6e3f1613b720545a3a8531d94
Author: Ismael Juma <[email protected]>
Date: 2015-10-11T11:36:50Z
Merge remote-tracking branch 'apache/trunk' into KAFKA-1686-V1
* apache/trunk:
MINOR: Use the correct processor id in the processor thread name
KAFKA-2614; No more clients can connect after
`TooManyConnectionsException` threshold (max.connections.per.ip) is reached
MINOR: putting back kstream stateful transform methods
MINOR: Fix exception message in Copycat's Time logical type.
KAFKA-2600: Align Kafka Streams' interfaces with Java 8 functional
interfaces
KAFKA-2622: Add Time logical type for Copycat.
commit 9e6ba51a54e467177d1c724e1f3ecab264d7a837
Author: Ismael Juma <[email protected]>
Date: 2015-10-12T14:11:37Z
A number of code clean-ups
* Address some of Jun's and Parth's comments
* Make fields final
* Reduce scope of variables where possible
* Remove unused fields and methods
* Fix javadoc
* Fix formatting and naming issues
commit fc40c986ddd8f9653ca96c8f683074f0114f8590
Author: Ismael Juma <[email protected]>
Date: 2015-10-12T14:12:38Z
Return non-anonymous `KafkaPrincipal` in `SaslClientAuthenticator.principal`
commit e80cad9298a2c0491b811c16113685b8a0df2084
Author: Harsha <[email protected]>
Date: 2015-10-13T01:02:59Z
Merge pull request #2 from ijuma/KAFKA-1686-V1
Merge trunk, address some feedback and code clean-ups
commit 1d53bcea1c2e95585ec474cd52f4cf87104ef940
Author: Sriharsha Chintalapani <[email protected]>
Date: 2015-10-13T05:11:08Z
KAFKA-1686. Added default sasl configs , addressed reviews.
commit e637120467c530ecf559eb2e6278e55fab655551
Author: Ismael Juma <[email protected]>
Date: 2015-10-13T15:13:35Z
Simplify `Shell` by removing unused functionality and other clean-ups.
commit a3bd8d25a575b0fabf0811fd448d96a677f2ed4c
Author: Ismael Juma <[email protected]>
Date: 2015-10-13T15:13:50Z
Config clean-ups
commit 6dea484dd3a20468fde9aef318446eb761446d4a
Author: Ismael Juma <[email protected]>
Date: 2015-10-13T15:14:39Z
Tweak logging and make fields final in `Login`
commit d5768c8fb55f0f71fd7f067fc532aae708209416
Author: Ismael Juma <[email protected]>
Date: 2015-10-13T16:03:47Z
Minor simplification of `SaslClientAuthenticator.complete` as per Jun's
comment
commit 37980d736cdaa60e938ada28b00653c4688aaec6
Author: Ismael Juma <[email protected]>
Date: 2015-10-13T16:04:40Z
Tweak assignment of `Login.lastLogin`
commit ae430bebc6ddc04afac50b1be0c82b0c2faebb88
Author: Ismael Juma <[email protected]>
Date: 2015-10-13T16:11:49Z
Remove `currentWallTime()` and `currentElapsedTime()` from `Time` for now
Add private methods to `Login` instead as it's the only class where they
are used.
commit 190fe8613558258d4f478fa380cbfc2d868a876c
Author: Ismael Juma <[email protected]>
Date: 2015-10-13T16:38:59Z
Rename SSLSASL to SASL_SSL and PLAINTEXTSASL to SASL_PLAIN
commit 06353e427244a331d66dee087a6d7e6e1aace22e
Author: Ismael Juma <[email protected]>
Date: 2015-10-13T16:50:51Z
Merge remote-tracking branch 'apache/trunk' into KAFKA-1686-V1
* apache/trunk:
KAFKA-2637; Cipher suite setting should be configurable for SSL
Closes #206 . *WONT FIX* - no new release planned for 0.8.2 branch
closes pr #206. *WONT FIX* - no new release planned for 0.8.2 branch
KAFKA-2613; Make maxParallelForks configurable via Gradle config so it
can be turned down on shared build infrastructure.
KAFKA-2581: Run some existing ducktape tests with SSL
KAFKA-2203: Getting Java8 to relax about javadoc and let our build pass
KAFKA-2443 KAFKA-2567; Expose windowSize on Rate; - Throttle time should
not return NaN
KAFKA-2633; Default logging from tools to Stderr
commit ba29a432585c3dbe19c53e16b9ea12f6d4917bc0
Author: Ismael Juma <[email protected]>
Date: 2015-10-13T17:33:11Z
Call `removeInterestOps` when we complete.
----
> Implement SASL/Kerberos
> -----------------------
>
> Key: KAFKA-1686
> URL: https://issues.apache.org/jira/browse/KAFKA-1686
> Project: Kafka
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.8.2.1
> Reporter: Jay Kreps
> Assignee: Sriharsha Chintalapani
> Priority: Blocker
> Fix For: 0.9.0.0
>
>
> Implement SASL/Kerberos authentication.
> To do this we will need to introduce a new SASLRequest and SASLResponse pair
> to the client protocol. This request and response will each have only a
> single byte[] field and will be used to handle the SASL challenge/response
> cycle. Doing this will initialize the SaslServer instance and associate it
> with the session in a manner similar to KAFKA-1684.
> When using integrity or encryption mechanisms with SASL we will need to wrap
> and unwrap bytes as in KAFKA-1684 so the same interface that covers the
> SSLEngine will need to also cover the SaslServer instance.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
