Hi Ashish, I appreciate the need to integrate our authentication with other systems that store passwords. I am not sure that doing so by running a binary is the best solution.
First, it does not add security: As you said, a file is just "sitting there" the same way an executable is just "sitting there" - we still rely on file system privileges for security. Second, the idea that Kafka will run arbitrary filesystem executables is pretty terrifying. Reading a string from a file is harmless, but an incorrectly privileged executable can be replaced with "rm -rf /" or anything really. Kafka sometimes runs from privileged account, so this is a serious risk. I looked at the Hadoop credential store you helpfully linked to in the KIP, and it seems like the Hadoop proposal includes a well thought out API to integrate with external systems. Since we took this approach in the past, I'm wondering why not follow the same and use an API to integrate with credential stores rather than arbitrary executables. Gwen On Wed, Aug 24, 2016 at 12:03 PM, Ashish Singh <asi...@cloudera.com> wrote: > Hey Guys, > > I’ve just posted KIP-76: Enable getting password from executable rather > than passing as plaintext in config files > <https://cwiki.apache.org/confluence/display/KAFKA/KIP-76+Enable+getting+password+from+executable+rather+than+passing+as+plaintext+in+config+files> > . > > The proposal is to enable getting passwords from executable. This is an ask > from very security conscious users. > > Full details are here: > > KIP: > https://cwiki.apache.org/confluence/display/KAFKA/KIP-76+Enable+getting+password+from+executable+rather+than+passing+as+plaintext+in+config+files > JIRA: https://issues.apache.org/jira/browse/KAFKA-2629 > POC: https://github.com/apache/kafka/pull/1770 > > Thanks > > -- > > Regards, > Ashish -- Gwen Shapira Product Manager | Confluent 650.450.2760 | @gwenshap Follow us: Twitter | blog
