Christopher, SSL client authentication is currently disabled when SASL_SSL is used, so it is not possible to use client certificate credentials with SASL_SSL. Are you expecting to authenticate clients using certificates as well as using SASL? Or do you just need some mechanism to get hold of the client credentials with SSL?
Regards, Rajini On Fri, Feb 10, 2017 at 5:46 PM, Christopher Shannon < christopher.l.shan...@gmail.com> wrote: > I need to create a custom JAAS module for authentication but I need to pass > client certificate credentials as the principal. SASL_SSL mode has support > for a JAAS module but from looking at the source code there doesn't appear > to be a way to pass SSL client credentials to the module. The only > callback handlers are for username/password and for kerberos. However, the > SSL mode can extract a principal from the client certificate but when using > SSL without SASL there appears to be no way to plug in a JAAS module. > > So it seems that I am looking for kind of a combination of SSL and SASL_SSL > modes. Is there anyway to configure out the box what I am trying to do or > is this going to require a code change? I can work on a pull request if > necessary. >
