Ismael Juma created KAFKA-4636:
----------------------------------
Summary: Per listener security settings (KIP-103)
Key: KAFKA-4636
URL: https://issues.apache.org/jira/browse/KAFKA-4636
Project: Kafka
Issue Type: Bug
Reporter: Ismael Juma
Fix For: 0.10.2.0
This is a follow-up to KAFKA-4565 where most of KIP-103 was implemented. I
quote the missing bit from the KIP:
"Finally, we make it possible to provide different security (SSL and SASL)
settings for each listener name by adding a normalised prefix (the listener
name is lowercased) to the config name. For example, if we wanted to set a
different keystore for the CLIENT listener, we would set a config with name
listener.name.client.ssl.keystore.location. If the config for the listener name
is not set, we will fallback to the generic config (i.e. ssl.keystore.location)
for compatibility and convenience. For the SASL case, some configs are provided
via a JAAS file, which consists of one or more entries. The broker currently
looks for an entry named KafkaServer. We will extend this so that the broker
first looks for an entry with a lowercased listener name followed by a dot as a
prefix to the existing name. For the CLIENT listener example, the broker would
first look for client.KafkaServer with a fallback to KafkaServer, if necessary."
KIP link for details:
https://cwiki.apache.org/confluence/display/KAFKA/KIP-103%3A+Separation+of+Internal+and+External+traffic
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
