Adam Kunicki created KAFKA-3199:
-----------------------------------
Summary: LoginManager should allow using an existing Subject
Key: KAFKA-3199
URL: https://issues.apache.org/jira/browse/KAFKA-3199
Project: Kafka
Issue Type: Bug
Components: security
Affects Versions: 0.9.0.0
Reporter: Adam Kunicki
Assignee: Adam Kunicki
Priority: Critical
LoginManager currently creates a new Login in the constructor which then
performs a login and starts a ticket renewal thread. The problem here is that
because Kafka performs its own login, it doesn't offer the ability to re-use an
existing subject that's already managed by the client application.
The goal of LoginManager appears to be to be able to return a valid Subject. It
would be a simple fix to have LoginManager.acquireLoginManager() check for a
new config e.g. kerberos.use.existing.subject.
This would instead of creating a new Login in the constructor simply call
Subject.getSubject(AccessController.getContext()); to use the already logged in
Subject.
This is also doable without introducing a new configuration and simply checking
if there is already a valid Subject available, but I think it may be preferable
to require that users explicitly request this behavior.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
