Hi,

My company is currently looking at Kafka as a message broker. One of the key aspects is security. I'm currently looking at the authentication/authorization mechanisms in Kafka 0.9.0.0-SNAPSHOT. We have decided that SSL-based authentication/authorization will be sufficient for us at the beginning. We have managed to get the mechanism working, but I have a couple of questions:

1) On the page https://cwiki.apache.org/confluence/display/KAFKA/Security#Security-Authorization you describe the username extraction mechanism like this: "When the client authenticates using SSL, the user name will be the first element in the Subject Alternate Name field of the client certificate.". I found it isn't implemented in the current Kafka sources. Will it be implemented in the future?

2) I found that currently the username is a concatenation of the standard certificate fields and it looks like this: "CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown". It's OK for us, but it turned out that kafka.admin.AclCommand doesn't accept a username containing commas, as they are used in the list of users. To get it working I had to change kafka.admin.AclCommand to accept commas in a username. The question is: am I doing something wrong, or is it an unfinished feature?

Kind regards,
Łukasz Dębowczyk
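
The comma collision described in question 2, as an added illustration that is not part of the original message and is not Kafka's code. It assumes each list entry starts with a principal type prefix such as `User:`; the function names and the `readuser` entry are made up for the example.

```python
import re

# Constructed sample: two certificate-DN principals passed as one
# comma-separated argument. The "User:" prefix is an assumption of this example.
SAMPLE = (
    "User:CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown,"
    "User:CN=readuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown"
)

# A new list entry begins with "<Type>:"; DN attributes begin with "<attr>=".
PRINCIPAL_START = re.compile(r"\s*[A-Za-z]+:")
# Commas escaped with a backslash inside a DN value are not separators.
UNESCAPED_COMMA = re.compile(r"(?<!\\),")


def naive_split(arg):
    """Split on every comma, as a plain comma-separated list parser does."""
    return [part.strip() for part in arg.split(",")]


def dn_aware_split(arg):
    """Split a principal list, keeping each distinguished name in one piece.

    A fragment that does not start with a principal type prefix is treated
    as the continuation of the previous principal's DN.
    """
    principals = []
    for fragment in UNESCAPED_COMMA.split(arg):
        if PRINCIPAL_START.match(fragment) or not principals:
            principals.append(fragment.strip())
        else:
            principals[-1] += "," + fragment
    return principals


if __name__ == "__main__":
    print("naive:", naive_split(SAMPLE))
    print("DN-aware:", dn_aware_split(SAMPLE))
```

With the naive split, an ACL would be keyed on fragments such as `OU=Unknown` rather than on the full DN that the broker derives from the client certificate, so the intended principal would never match.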