You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Ismael Juma (JIRA)" <ji...@apache.org> on 2017/01/16 14:58:26 UTC
[jira] [Assigned] (KAFKA-4636) Per listener security settings
(KIP-103)
[ https://issues.apache.org/jira/browse/KAFKA-4636?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ismael Juma reassigned KAFKA-4636:
----------------------------------
Assignee: Ismael Juma
> Per listener security settings (KIP-103)
> ----------------------------------------
>
> Key: KAFKA-4636
> URL: https://issues.apache.org/jira/browse/KAFKA-4636
> Project: Kafka
> Issue Type: Bug
> Reporter: Ismael Juma
> Assignee: Ismael Juma
> Labels: kip
> Fix For: 0.10.2.0
>
>
> This is a follow-up to KAFKA-4565 where most of KIP-103 was implemented. I quote the missing bit from the KIP:
> "Finally, we make it possible to provide different security (SSL and SASL) settings for each listener name by adding a normalised prefix (the listener name is lowercased) to the config name. For example, if we wanted to set a different keystore for the CLIENT listener, we would set a config with name listener.name.client.ssl.keystore.location. If the config for the listener name is not set, we will fallback to the generic config (i.e. ssl.keystore.location) for compatibility and convenience. For the SASL case, some configs are provided via a JAAS file, which consists of one or more entries. The broker currently looks for an entry named KafkaServer. We will extend this so that the broker first looks for an entry with a lowercased listener name followed by a dot as a prefix to the existing name. For the CLIENT listener example, the broker would first look for client.KafkaServer with a fallback to KafkaServer, if necessary."
> KIP link for details:
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-103%3A+Separation+of+Internal+and+External+traffic
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)