[ 
https://issues.apache.org/jira/browse/KAFKA-2658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14985663#comment-14985663
 ] 

Jun Rao commented on KAFKA-2658:
--------------------------------

[~rsivaram], we had a chat with a security consulting firm last week. It 
actually strongly discourages the support of SASL/PLAIN in Kafka. The main 
reason is that the plain password is not encrypted during the wire transfer and 
can create a security loophole. Instead, it's better to support CRAM-MD5, which 
is more secure. Given that, I don't think we can include this in 0.9.0.0.

> Implement SASL/PLAIN
> --------------------
>
>                 Key: KAFKA-2658
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2658
>             Project: Kafka
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Critical
>             Fix For: 0.9.0.0
>
>
> KAFKA-1686 supports SASL/Kerberos using GSSAPI. We should enable more SASL 
> mechanisms. SASL/PLAIN would enable a simpler use of SASL, which along with 
> SSL provides a secure Kafka that uses username/password for client 
> authentication.
> The SASL/PLAIN protocol and its uses are described in 
> [https://tools.ietf.org/html/rfc4616]. It is supported in Java.
> This should be implemented after KAFKA-1686. This task should also hopefully 
> enable simpler unit testing of the SASL code.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
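As an added illustration (not code from the Kafka project or from anyone in this thread), the difference the comment turns on, in Python: the RFC 4616 PLAIN client message carries the password itself, so it is only safe under SSL/TLS, while an RFC 2195 CRAM-MD5 response carries only an HMAC-MD5 over a server challenge. The username, password and challenge string are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values for the demonstration only.
USERNAME = "alice"
PASSWORD = "s3cret-pw"
CHALLENGE = b"<1234.1445000000@kafka-broker.example>"  # RFC 2195 style challenge


def plain_client_response(authcid: str, password: str, authzid: str = "") -> bytes:
    """Build the RFC 4616 client message: [authzid] NUL authcid NUL passwd, UTF-8."""
    for field in (authzid, authcid, password):
        if "\0" in field:
            raise ValueError("NUL is not allowed inside a SASL/PLAIN field")
    if not authcid or not password:
        raise ValueError("authcid and passwd must be non-empty")
    return f"{authzid}\0{authcid}\0{password}".encode("utf-8")


def parse_plain_client_response(msg: bytes):
    """Server-side decode of a PLAIN message; None for anything not exactly three fields."""
    parts = msg.decode("utf-8").split("\0")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        return None
    return {"authzid": parts[0], "authcid": parts[1], "password": parts[2]}


def cram_md5_client_response(username: str, password: str, challenge: bytes) -> bytes:
    """RFC 2195 client message: username SP hex(HMAC-MD5(key=password, msg=challenge))."""
    digest = hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}".encode("utf-8")


def cram_md5_server_verify(response: bytes, challenge: bytes, credentials: dict) -> bool:
    """Recompute the digest for the claimed user and compare in constant time.

    Caveat: the broker must hold the password (or the equivalent HMAC key state)
    for every user, since the digest cannot be checked against a salted hash.
    """
    username, _, digest = response.decode("utf-8").partition(" ")
    stored = credentials.get(username)
    if stored is None:
        return False
    expected = hmac.new(stored.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)


def password_visible_on_wire(wire: bytes, password: str) -> bool:
    """The check behind the consultant's objection: is the secret itself in the bytes sent?"""
    return password.encode("utf-8") in wire
```

CRAM-MD5 keeps the password off the wire, but it authenticates only the handshake: without SSL the Kafka traffic after it is still in the clear.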
