Grzegorz Kokosinski created KAFKA-9336:
------------------------------------------
Summary: Connecting to Kafka using forwarded Kerberos credentials
Key: KAFKA-9336
URL: https://issues.apache.org/jira/browse/KAFKA-9336
Project: Kafka
Issue Type: Improvement
Components: clients
Reporter: Grzegorz Kokosinski
My application is using forwarded Kerberos tickets, see:
[https://web.mit.edu/kerberos/krb5-latest/doc/user/tkt_mgmt.html].
Users authenticates in my JMV-based remote service using KRB, then in my
service I would like to connect to Kafka (via KafkaProducer or KarkaConsumer)
using user KRB credentials. It looks like currently this scenario is impossible
to be implemented, because the only option to authenticate to Kafka with KRB is
via JVM system property:
-Djava.security.auth.login.config=/etc/kafka/kafka_client_jaas.conf.
Notice that I don't have a keytab file but only:
[https://docs.oracle.com/javase/7/docs/api/org/ietf/jgss/GSSCredential.html.|https://docs.oracle.com/javase/7/docs/api/org/ietf/jgss/GSSCredential.html]
GSSCredential allows me to use
[https://docs.oracle.com/javase/7/docs/api/javax/security/auth/Subject.html#doAs(javax.security.auth.Subject,%20java.security.PrivilegedAction)]
which typically works in other systems like Postgres to authenticate the user
with KRB using forwarded ticket.
afka requires to use
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
