Piyush Vijay created KAFKA-4185:

             Summary: Abstract out password verifier in SaslServer as an 
injectable dependency
                 Key: KAFKA-4185
                 URL: https://issues.apache.org/jira/browse/KAFKA-4185
             Project: Kafka
          Issue Type: Improvement
          Components: security
    Affects Versions:
            Reporter: Piyush Vijay
             Fix For:

Kafka comes with a default SASL/PLAIN implementation which assumes that 
username and password are present in a JAAS
config file. People often want to use some other way to provide username and 
password to SaslServer. Their best bet,
currently, is to have their own implementation of SaslServer (which would be, 
in most cases, a copied version of PlainSaslServer
minus the logic where password verification happens). This is not ideal.

We believe that there exists a better way to structure the current 
PlainSaslServer implementation which makes it very
easy for people to plug-in their custom password verifier without having to 
rewrite SaslServer or copy any code.

The idea is to have an injectable dependency interface PasswordVerifier which 
can be re-implemented based on the
requirements. There would be no need to re-implement or extend PlainSaslServer 

Note that this is commonly asked feature and there have been some attempts in 
the past to solve this problem:

We believe that this proposed solution does not have the demerits because of 
previous proposals were rejected.
I would be happy to discuss more.

Please find the link to the PR in the comments.

This message was sent by Atlassian JIRA

Reply via email to