You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "kaushik srinivas (Jira)" <ji...@apache.org> on 2020/05/04 10:10:00 UTC

[jira] [Commented] (KAFKA-9933) Need doc update on the AclAuthorizer when SASL_SSL is the protocol used.

    [ https://issues.apache.org/jira/browse/KAFKA-9933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17098824#comment-17098824 ] 

kaushik srinivas commented on KAFKA-9933:
-----------------------------------------

Hi 

[~ijuma]

Need your inputs. We enable both SASL and SSL with 

flavours of GSSAPI and PLAIN mechanisms both in varied deployments.

Thanks,

kaushik

 

> Need doc update on the AclAuthorizer when SASL_SSL is the protocol used.
> ------------------------------------------------------------------------
>
>                 Key: KAFKA-9933
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9933
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: kaushik srinivas
>            Priority: Critical
>
> Hello,
> Document on the usage of the authorizer does not speak about the principal being used when the protocol for the listener is chosen as SASL + SSL (SASL_SSL).
> Suppose kerberos and ssl is enabled together, will the authorization be based on the kerberos principal names or on the ssl certificate DN names ?
> There is no document covering this part of the use case.
> This needs information and documentation update.
> Thanks,
> Kaushik.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)