[ 
https://issues.apache.org/jira/browse/KAFKA-8669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16886449#comment-16886449
 ] 

Maulin Vasavada commented on KAFKA-8669:
----------------------------------------

Can you please start a discussion thread? There is another KIP just for customizing the 
loading of the Keystore and Truststores - 
[https://cwiki.apache.org/confluence/display/KAFKA/KIP-486%3A+Support+custom+way+to+load+KeyStore+and+TrustStore].
 Is the scope of this broader than that?

> Add java security providers in Kafka Security config
> ----------------------------------------------------
>
>                 Key: KAFKA-8669
>                 URL: https://issues.apache.org/jira/browse/KAFKA-8669
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Sai Sandeep
>            Priority: Minor
>
> Currently Kafka supports the ssl.keymanager.algorithm and 
> ssl.trustmanager.algorithm parameters as part of secure config. These 
> parameters can be configured to load the key managers and trust managers which 
> provide keys and certificates for SSL handshakes with the clients/server. The 
> algorithms configured by these parameters need to be registered by Java security 
> provider classes. These provider classes are configured as JVM properties 
> through the java.security file. An example file is given below:
> {code:java}
> $ cat /usr/lib/jvm/jdk-8-oracle-x64/jre/lib/security/java.security
> ...
> security.provider.1=sun.security.provider.Sun
> security.provider.2=sun.security.rsa.SunRsaSign
> security.provider.3=sun.security.ec.SunEC
> …
> {code}
> Custom keymanager and trustmanager algorithms can be used to supply the Kafka 
> brokers with keys and certificates; these algorithms can be used to replace 
> the traditional, non-scalable static keystore and truststore JKS files.
> To take advantage of these custom algorithms, we want to support a Java 
> security provider parameter in security config. This param can be used by 
> Kafka brokers or Kafka clients (when connecting to the Kafka brokers). The 
> security providers can also be used for configuring security in SASL-based 
> communication.
>  



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
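
The registration step the issue description relies on, as an added example that is not part of the issue or of Kafka's code: a provider class maps an algorithm name to a KeyManagerFactorySpi, after which that name can be resolved the way a value of ssl.keymanager.algorithm would be. ExampleProvider, ExampleKeyManagerFactorySpi and the algorithm name ExampleDynamicKeys are hypothetical, and the SPI simply delegates to the JVM default factory so the code runs without a keystore file.

```java
import java.security.*;
import javax.net.ssl.*;

public class ProviderRegistrationDemo {
    // Hypothetical algorithm name: the value ssl.keymanager.algorithm would carry.
    static final String ALGORITHM = "ExampleDynamicKeys";

    // SPI the JCA instantiates when ALGORITHM is requested (needs a public no-arg constructor).
    public static final class ExampleKeyManagerFactorySpi extends KeyManagerFactorySpi {
        private KeyManagerFactory delegate;

        @Override
        protected void engineInit(KeyStore ks, char[] password)
                throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
            // A real provider would obtain key material from its own source here;
            // this sketch delegates to the JVM default so it runs without any files.
            delegate = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            delegate.init(ks, password);
        }

        @Override
        protected void engineInit(ManagerFactoryParameters spec)
                throws InvalidAlgorithmParameterException {
            throw new InvalidAlgorithmParameterException("parameters are not supported");
        }

        @Override
        protected KeyManager[] engineGetKeyManagers() {
            if (delegate == null) throw new IllegalStateException("factory not initialized");
            return delegate.getKeyManagers();
        }
    }

    // Hypothetical provider: maps "KeyManagerFactory.<algorithm>" to the SPI class name.
    public static final class ExampleProvider extends Provider {
        public ExampleProvider() {
            super("ExampleProvider", 1.0, "Example provider for a custom key manager algorithm");
            put("KeyManagerFactory." + ALGORITHM, ExampleKeyManagerFactorySpi.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        // Programmatic equivalent of a security.provider.N line in java.security.
        // addProvider appends at the lowest priority, so built-in algorithms keep resolving as before.
        Security.addProvider(new ExampleProvider());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(ALGORITHM);
        kmf.init(null, null);
        System.out.println(ALGORITHM + " resolved by " + kmf.getProvider().getName());
    }
}
```

Without the addProvider call, KeyManagerFactory.getInstance throws NoSuchAlgorithmException for the custom name, which is the failure a broker or client would see if the provider were not registered in the JVM.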
