Re: [DISCUSS] KIP-43: Kafka SASL enhancements

Tue, 19 Apr 2016 17:21:06 -0700 

Just to close the loop on this. Discussed with Magnus offline on how KIP-43
and KIP-35 can play together. We agreed upon the following proposal.

On a SASL port,

client sends:

    ApiVersionRequest (optional), SaslHandshakeRequest, SASL tokens (size
delimited as being done now), regular api requests

client receives:

    ApiVersionResponse (optional), SaslHandshakeResponse, SASL tokens (size
delimited as being done now), regular api responses

The format of SaslHandshakeRequest is what's currently described in
KIP-43. There
will be some minor tweaks on ApiVersionResponse, which Magnus will follow
up in the KIP-35 thread itself.

Thanks,

Jun


On Wed, Apr 13, 2016 at 5:59 AM, Rajini Sivaram <
rajinisiva...@googlemail.com> wrote:

> I have updated the PR (https://github.com/apache/kafka/pull/812) and
> KIP-43
> to use standard Kafka format for the new request/response added by KIP-43.
> I haven't changed the overall structure of the Java code. Feedback is
> appreciated.
>
> Thanks,
>
> Rajini
>
> On Tue, Apr 12, 2016 at 3:52 PM, Ismael Juma <ism...@juma.me.uk> wrote:
>
> > Hi Jun,
> >
> > Comments inline.
> >
> > On Mon, Apr 11, 2016 at 1:57 AM, Jun Rao <j...@confluent.io> wrote:
> >
> > > Yes, that should be fine right? Since the new api key will start with
> a 0
> > > byte, it actually guarantees that it's different from 0x60 (1st byte in
> > the
> > > old protocol) even if we change the request version id in the future.
> >
> >
> > Yes, this is true. Also, the GSS API library will throw an exception if
> the
> > first byte is not 0x60 (for the case where newer clients connect to older
> > brokers):
> >
> >
> >
> https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/sun/security/jgss/GSSHeader.java#L97
> >
> >
> > And the DEFECTIVE_TOKEN status code is specified in both RFC 2743[1] and
> > RFC 5653[2]. Section 3.1 of RFC 2743 specifies that the token tag
> consists
> > of the following elements, in order:
> >
> > 1. 0x60 -- Tag for [APPLICATION 0] SEQUENCE; indicates that
> >       -- constructed form, definite length encoding follows.
> >
> > 2. Token length octets ...
> >
> >
> > Ismael
> >
> > [1] Generic Security Service Application Program Interface Version 2,
> > Update 1: https://tools.ietf.org/html/rfc2743
> > [2] Generic Security Service API Version 2: Java Bindings Update:
> > https://tools.ietf.org/html/rfc5653
> >
> > Ismael
> >
>
>
>
> --
> Regards,
>
> Rajini
>

Reply via email to