[
https://issues.apache.org/jira/browse/KAFKA-2658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14985939#comment-14985939
]
Jun Rao commented on KAFKA-2658:
--------------------------------
[~rsivaram], yes, perhaps enforcing that SASL/PLAIN can only be used with TLS
will work. Perhaps it's worth discussing that in a separate KIP so that we can
get feedback from people more familiar with security. In any case, given the
release timeline, it's probably too late to include this jira in 0.9.0.
> Implement SASL/PLAIN
> --------------------
>
> Key: KAFKA-2658
> URL: https://issues.apache.org/jira/browse/KAFKA-2658
> Project: Kafka
> Issue Type: Sub-task
> Components: security
> Reporter: Rajini Sivaram
> Assignee: Rajini Sivaram
> Priority: Critical
> Fix For: 0.9.0.0
>
>
> KAFKA-1686 supports SASL/Kerberos using GSSAPI. We should enable more SASL
> mechanisms. SASL/PLAIN would enable a simpler use of SASL, which along with
> SSL provides a secure Kafka that uses username/password for client
> authentication.
> SASL/PLAIN protocol and its uses are described in
> [https://tools.ietf.org/html/rfc4616]. It is supported in Java.
> This should be implemented after KAFKA-1686. This task should also hopefully
> enable simpler unit testing of the SASL code.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
