You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@kafka.apache.org by Joe Stein <jo...@stealth.ly> on 2014/04/02 16:32:00 UTC

Re: Kafka and authentication

Hi Raja, do you have an ICLA https://www.apache.org/licenses/icla.txt on
file with Apache?

One thought would be to branch a security branch at the commit you forked
from.  Then treat the rest of your commits as a contrib patch (requires
vote).

Then we could work on merging it into upstream and knock out some of the
security items.

Thoughts?

/*******************************************
 Joe Stein
 Founder, Principal Consultant
 Big Data Open Source Security LLC
 http://www.stealth.ly
 Twitter: @allthingshadoop <http://www.twitter.com/allthingshadoop>
********************************************/


On Mon, Mar 31, 2014 at 11:20 AM, Rajasekar Elango
<re...@salesforce.com>wrote:

> Hi Vijay,
>
> We implemented mutual ssl authentication in kafka for our internal use and
> we have plans to it contributed back to community.  But we implemented SSL
> over
> older snapshot of version of kafka 0.8 release. We have been busy with
> other projects and haven't got chance to merge our ssl changes to latest
> version
> of kafka. If you are interested in looking at the changes we made this, its
> available in my github fork of apache kafka (
> https://github.com/relango/kafka/tree/kafka_security)
>
> Thanks,
> Raja.
>
>
> On Fri, Mar 28, 2014 at 10:06 PM, Neha Narkhede <neha.narkhede@gmail.com
> >wrote:
>
> > Hi Vijay,
> >
> > The document you pointed out has our initial thoughts on Kafka security.
> > This work is still in design and discussion phase, no code has been
> written
> > as such and we hope to pick it up in a couple months. However, if you
> have
> > thoughts on how it should work and/or would like to contribute patches,
> we
> > would be happy to collaborate with you.
> >
> > Thanks,
> > Neha
> >
> >
> > On Fri, Mar 28, 2014 at 4:05 PM, Vijay Ramachandran <
> > vramachandran@apple.com
> > > wrote:
> >
> > > Hi All,
> > >
> > > I was googling around for info on securing kafka. The best document I
> > > could find was
> > https://cwiki.apache.org/confluence/display/KAFKA/Security,
> > > which is "kind of old". It is not clear if any steps were taken after
> > this
> > > doc was put together. Looking at the features / bug fixes in kafka also
> > > does not paint a clear picture. Hence this set of questions :
> > >
> > > Is there a way to make kafka authenticate a producer sending messages /
> > > consumer reading messages ?
> > > Is there a way to make kafka authenticate itself to the ZooKeeper
> > ensemble
> > > ?
> > >
> > > Any info will be deeply appreciated
> > >
> > > Thanks
> > >
> > > Vijay
> >
>
>
>
> --
> Thanks,
> Raja.
>

Re: Kafka and authentication

Posted by Jonathan Hodges <ho...@gmail.com>.

+1 for security branch

We are willing to assist with the merge.


On Wed, Apr 2, 2014 at 8:32 AM, Joe Stein <jo...@stealth.ly> wrote:

> Hi Raja, do you have an ICLA https://www.apache.org/licenses/icla.txt on
> file with Apache?
>
> One thought would be to branch a security branch at the commit you forked
> from.  Then treat the rest of your commits as a contrib patch (requires
> vote).
>
> Then we could work on merging it into upstream and knock out some of the
> security items.
>
> Thoughts?
>
> /*******************************************
>  Joe Stein
>  Founder, Principal Consultant
>  Big Data Open Source Security LLC
>  http://www.stealth.ly
>  Twitter: @allthingshadoop <http://www.twitter.com/allthingshadoop>
> ********************************************/
>
>
> On Mon, Mar 31, 2014 at 11:20 AM, Rajasekar Elango
> <re...@salesforce.com>wrote:
>
> > Hi Vijay,
> >
> > We implemented mutual ssl authentication in kafka for our internal use
> and
> > we have plans to it contributed back to community.  But we implemented
> SSL
> > over
> > older snapshot of version of kafka 0.8 release. We have been busy with
> > other projects and haven't got chance to merge our ssl changes to latest
> > version
> > of kafka. If you are interested in looking at the changes we made this,
> its
> > available in my github fork of apache kafka (
> > https://github.com/relango/kafka/tree/kafka_security)
> >
> > Thanks,
> > Raja.
> >
> >
> > On Fri, Mar 28, 2014 at 10:06 PM, Neha Narkhede <neha.narkhede@gmail.com
> > >wrote:
> >
> > > Hi Vijay,
> > >
> > > The document you pointed out has our initial thoughts on Kafka
> security.
> > > This work is still in design and discussion phase, no code has been
> > written
> > > as such and we hope to pick it up in a couple months. However, if you
> > have
> > > thoughts on how it should work and/or would like to contribute patches,
> > we
> > > would be happy to collaborate with you.
> > >
> > > Thanks,
> > > Neha
> > >
> > >
> > > On Fri, Mar 28, 2014 at 4:05 PM, Vijay Ramachandran <
> > > vramachandran@apple.com
> > > > wrote:
> > >
> > > > Hi All,
> > > >
> > > > I was googling around for info on securing kafka. The best document I
> > > > could find was
> > > https://cwiki.apache.org/confluence/display/KAFKA/Security,
> > > > which is "kind of old". It is not clear if any steps were taken after
> > > this
> > > > doc was put together. Looking at the features / bug fixes in kafka
> also
> > > > does not paint a clear picture. Hence this set of questions :
> > > >
> > > > Is there a way to make kafka authenticate a producer sending
> messages /
> > > > consumer reading messages ?
> > > > Is there a way to make kafka authenticate itself to the ZooKeeper
> > > ensemble
> > > > ?
> > > >
> > > > Any info will be deeply appreciated
> > > >
> > > > Thanks
> > > >
> > > > Vijay
> > >
> >
> >
> >
> > --
> > Thanks,
> > Raja.
> >
>