[ 
https://issues.apache.org/jira/browse/KAFKA-2658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14985751#comment-14985751
 ] 

Rajini Sivaram commented on KAFKA-2658:
---------------------------------------

[~junrao] As described in the RFC for SASL/PLAIN 
(https://tools.ietf.org/html/rfc4616), the PLAIN mechanism is intended for use 
with a secure transport protocol like TLS. I don't believe CRAM-MD5 is secure 
enough to use without TLS either. With TLS, the unencrypted password in 
SASL/PLAIN shouldn't be a concern.

> Implement SASL/PLAIN
> --------------------
>
>                 Key: KAFKA-2658
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2658
>             Project: Kafka
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Critical
>             Fix For: 0.9.0.0
>
>
> KAFKA-1686 supports SASL/Kerberos using GSSAPI. We should enable more SASL 
> mechanisms. SASL/PLAIN would enable a simpler use of SASL, which along with 
> SSL provides a secure Kafka that uses username/password for client 
> authentication.
> SASL/PLAIN protocol and its uses are described in 
> [https://tools.ietf.org/html/rfc4616]. It is supported in Java.
> This should be implemented after KAFKA-1686. This task should also hopefully 
> enable simpler unit testing of the SASL code.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
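
The RFC 4616 message framing referred to in the comment above, as an added example that is not part of the original message and is not Kafka's code: it builds and parses the `[authzid] NUL authcid NUL passwd` message, which shows that the password travels verbatim in the SASL exchange and is protected only by the transport. The user table, credentials and function names are constructed for illustration.

```python
import hmac

# Constructed sample credentials, for illustration only.
USERS = {"alice": "s3cret-pw"}


class PlainError(ValueError):
    """Raised when a SASL/PLAIN message violates RFC 4616 framing."""


def encode_plain(authcid, passwd, authzid=""):
    """Client side: message = [authzid] NUL authcid NUL passwd (RFC 4616)."""
    parts = [authzid, authcid, passwd]
    if any("\x00" in p for p in parts):
        raise PlainError("NUL is not allowed inside a field")
    if not authcid or not passwd:
        raise PlainError("authcid and passwd must be non-empty")
    return b"\x00".join(p.encode("utf-8") for p in parts)


def parse_plain(message):
    """Server side: split on NUL, validate, return (authzid, authcid, passwd)."""
    fields = message.split(b"\x00")
    if len(fields) != 3:
        raise PlainError("expected exactly two NUL separators")
    try:
        authzid, authcid, passwd = (f.decode("utf-8") for f in fields)
    except UnicodeDecodeError as exc:
        raise PlainError("fields must be valid UTF-8") from exc
    if not authcid or not passwd:
        raise PlainError("authcid and passwd must be non-empty")
    return authzid, authcid, passwd


def authenticate(message, users=USERS):
    """Return the authenticated identity, or None on any failure."""
    try:
        authzid, authcid, passwd = parse_plain(message)
    except PlainError:
        return None
    expected = users.get(authcid)
    # Constant-time comparison; it also runs for unknown user names.
    ok = hmac.compare_digest(passwd.encode(), (expected or "").encode())
    if expected is None or not ok:
        return None
    # Assumption of this sketch: a user may only act as themselves.
    if authzid and authzid != authcid:
        return None
    return authcid
```

The bytes returned by `encode_plain` contain the password unchanged, so anyone who can read the connection can read the credential unless the SASL exchange runs inside TLS.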