[ https://issues.apache.org/jira/browse/KAFKA-2658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14985751#comment-14985751 ]
Rajini Sivaram commented on KAFKA-2658:
---------------------------------------

[~junrao] As described in the RFC for SASL/PLAIN (https://tools.ietf.org/html/rfc4616), PLAIN mechanism is intended for use with a secure transport protocol like TLS. I don't believe CRAM-MD5 is secure enough to use without TLS either. With TLS, unencrypted password in SASL/PLAIN shouldn't be a concern.

> Implement SASL/PLAIN
> --------------------
>
>                 Key: KAFKA-2658
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2658
>             Project: Kafka
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Critical
>             Fix For: 0.9.0.0
>
>
> KAFKA-1686 supports SASL/Kerberos using GSSAPI. We should enable more SASL
> mechanisms. SASL/PLAIN would enable a simpler use of SASL, which along with
> SSL provides a secure Kafka that uses username/password for client
> authentication.
> SASL/PLAIN protocol and its uses are described in
> [https://tools.ietf.org/html/rfc4616]. It is supported in Java.
> This should be implemented after KAFKA-1686. This task should also hopefully
> enable simpler unit testing of the SASL code.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
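
Added example (not part of the original JIRA comment and not Kafka's code): the RFC 4616 PLAIN message is `[authzid] NUL authcid NUL passwd`, so the password travels verbatim in the SASL exchange and a server should only accept it over TLS. The function names, the `transport_is_tls` flag and the sample credentials are constructed for illustration.

```python
# Added example: server-side handling of an RFC 4616 PLAIN message.
# All names and sample credentials here are constructed, not Kafka's API.

MAX_FIELD_OCTETS = 255  # RFC 4616: implementations MUST accept up to 255 octets


class PlainAuthError(Exception):
    """Raised when a PLAIN message is malformed or policy forbids it."""


def encode_plain(authcid: str, passwd: str, authzid: str = "") -> bytes:
    """Client side: message = [authzid] NUL authcid NUL passwd."""
    return b"\x00".join(s.encode("utf-8") for s in (authzid, authcid, passwd))


def parse_plain(message: bytes) -> tuple:
    """Server side: split and validate the three NUL-separated fields."""
    parts = message.split(b"\x00")
    if len(parts) != 3:
        raise PlainAuthError("expected exactly two NUL separators")
    authzid, authcid, passwd = parts
    if not authcid or not passwd:
        raise PlainAuthError("authcid and passwd must not be empty")
    # Assumption: this example rejects anything above the RFC's required minimum.
    if any(len(p) > MAX_FIELD_OCTETS for p in parts):
        raise PlainAuthError("field longer than 255 octets")
    try:
        return tuple(p.decode("utf-8") for p in parts)
    except UnicodeDecodeError as exc:
        raise PlainAuthError("fields must be valid UTF-8") from exc


def accept_plain(message: bytes, transport_is_tls: bool) -> tuple:
    """Refuse PLAIN unless the connection is already protected by TLS."""
    if not transport_is_tls:
        raise PlainAuthError("PLAIN offered on a cleartext transport")
    return parse_plain(message)
```
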