You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "kaushik srinivas (Jira)" <ji...@apache.org> on 2020/05/04 10:10:00 UTC
[jira] [Commented] (KAFKA-9933) Need doc update on the
AclAuthorizer when SASL_SSL is the protocol used.
[ https://issues.apache.org/jira/browse/KAFKA-9933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17098824#comment-17098824 ]
kaushik srinivas commented on KAFKA-9933:
-----------------------------------------
Hi
[~ijuma]
Need your inputs. We enable both SASL and SSL with
flavours of GSSAPI and PLAIN mechanisms both in varied deployments.
Thanks,
kaushik
> Need doc update on the AclAuthorizer when SASL_SSL is the protocol used.
> ------------------------------------------------------------------------
>
> Key: KAFKA-9933
> URL: https://issues.apache.org/jira/browse/KAFKA-9933
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.1
> Reporter: kaushik srinivas
> Priority: Critical
>
> Hello,
> Document on the usage of the authorizer does not speak about the principal being used when the protocol for the listener is chosen as SASL + SSL (SASL_SSL).
> Suppose kerberos and ssl is enabled together, will the authorization be based on the kerberos principal names or on the ssl certificate DN names ?
> There is no document covering this part of the use case.
> This needs information and documentation update.
> Thanks,
> Kaushik.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)