Posted to dev@kafka.apache.org by "Ji sun (JIRA)" <ji...@apache.org> on 2017/06/08 21:37:18 UTC

[jira] [Commented] (KAFKA-3199) LoginManager should allow using an existing Subject

    [ https://issues.apache.org/jira/browse/KAFKA-3199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16043484#comment-16043484 ] 

Ji sun commented on KAFKA-3199:
-------------------------------

Hi Adam, do you mind me taking this jira for Kafka 0.10?

> LoginManager should allow using an existing Subject
> ---------------------------------------------------
>
>                 Key: KAFKA-3199
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3199
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.9.0.0
>            Reporter: Adam Kunicki
>            Assignee: Adam Kunicki
>            Priority: Critical
>
> LoginManager currently creates a new Login in the constructor which then performs a login and starts a ticket renewal thread. The problem here is that because Kafka performs its own login, it doesn't offer the ability to re-use an existing subject that's already managed by the client application.
> The goal of LoginManager appears to be to be able to return a valid Subject. It would be a simple fix to have LoginManager.acquireLoginManager() check for a new config e.g. kerberos.use.existing.subject. 
> This would instead of creating a new Login in the constructor simply call Subject.getSubject(AccessController.getContext()); to use the already logged in Subject.
> This is also doable without introducing a new configuration and simply checking if there is already a valid Subject available, but I think it may be preferable to require that users explicitly request this behavior.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
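
The approach described in the issue, as an added Java sketch; it is not Kafka's code or a patch from this thread. The class name, the `resolve` and `hasCurrentTicket` helpers and the `jaasContextName` parameter are assumptions, and `kerberos.use.existing.subject` is the key proposed in the issue text. The sketch shows the check a reviewer would want beside the proposal: when the flag is set, the caller's Subject must already hold a current Kerberos ticket, otherwise the lookup fails instead of silently logging in as another principal.

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class ExistingSubjectExample {
    // Key suggested in the issue text; a proposal there, not a shipped Kafka setting.
    static final String USE_EXISTING = "kerberos.use.existing.subject";

    // jaasContextName is a hypothetical parameter naming the JAAS entry for the normal login path.
    static Subject resolve(Map<String, ?> configs, String jaasContextName) throws LoginException {
        if (Boolean.parseBoolean(String.valueOf(configs.get(USE_EXISTING)))) {
            // Call named in the issue; deprecated on newer JDKs (sketch targets Java 8-era runtimes).
            Subject existing = Subject.getSubject(AccessController.getContext());
            if (existing == null || !hasCurrentTicket(existing)) {
                // Fail closed: never fall back silently to a different, JAAS-configured principal.
                throw new LoginException(USE_EXISTING
                        + " is set, but the calling context has no Subject with a current Kerberos ticket");
            }
            return existing; // renewal remains the client application's responsibility
        }
        LoginContext login = new LoginContext(jaasContextName); // default: perform our own login
        login.login();
        return login.getSubject();
    }

    static boolean hasCurrentTicket(Subject subject) {
        for (KerberosTicket ticket : subject.getPrivateCredentials(KerberosTicket.class)) {
            if (!ticket.isDestroyed() && ticket.isCurrent()) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Subject empty = new Subject(); // constructed input: a Subject holding no credentials
        Map<String, String> configs = Collections.singletonMap(USE_EXISTING, "true");
        try {
            Subject.doAs(empty, (PrivilegedExceptionAction<Subject>) () -> resolve(configs, "KafkaClient"));
        } catch (PrivilegedActionException e) {
            System.out.println("rejected: " + e.getException().getMessage());
        }
    }
}
```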