You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by Rajini Sivaram <ra...@gmail.com> on 2017/04/06 09:53:13 UTC
[VOTE] KIP-86: Configurable SASL callback handlers
Hi all,
I would like to start the voting process for KIP-86:
https://cwiki.apache.org/confluence/display/KAFKA/KIP-86%3A+Configurable+SASL+callback+handlers
The KIP makes callback handlers for SASL configurable to make it simpler to
integrate with custom authentication database or custom authentication
servers. This is particularly useful for SASL/PLAIN where the
implementation in Kafka based on credentials stored in jaas.conf is not
suitable for production use. It is also useful for SCRAM in environments
where ZooKeeper is not secure.
Thank you...
Regards,
Rajini
Re: [VOTE] KIP-86: Configurable SASL callback handlers
Posted by Rajini Sivaram <ra...@gmail.com>.
Thanks everyone for the feedback and votes.
The vote has passed with 3 binding votes (Jun, Ismael, me) and 6
non-binding votes (Edo, Mickael, Tom, Ted, Tao, Manikumar).
I will update the KIP page.
Regards,
Rajini
On Wed, Jan 24, 2018 at 7:26 AM, Ismael Juma <is...@juma.me.uk> wrote:
> Thanks for the KIP, Rajini. This is a useful improvement, so +1 (binding)
> from me.
>
> I really don't like how the Java Security classes work, so I would have
> preferred to avoid emulating them, but the KIP is consistent with previous
> related KIPs and that's the direction we chose previously. Also, I think I
> might have tried to reduce the number of configs from 2 to 1 (in broker and
> client) by relying more on Java, but I don't have a concrete proposal and
> it would result in a larger API surface area.
>
> Ismael
>
> On Thu, Apr 6, 2017 at 2:53 AM, Rajini Sivaram <ra...@gmail.com>
> wrote:
>
> > Hi all,
> >
> > I would like to start the voting process for KIP-86:
> >
> > https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> > 86%3A+Configurable+SASL+callback+handlers
> >
> > The KIP makes callback handlers for SASL configurable to make it simpler
> to
> > integrate with custom authentication database or custom authentication
> > servers. This is particularly useful for SASL/PLAIN where the
> > implementation in Kafka based on credentials stored in jaas.conf is not
> > suitable for production use. It is also useful for SCRAM in environments
> > where ZooKeeper is not secure.
> >
> > Thank you...
> >
> > Regards,
> >
> > Rajini
> >
>
Re: [VOTE] KIP-86: Configurable SASL callback handlers
Posted by Ismael Juma <is...@juma.me.uk>.
Thanks for the KIP, Rajini. This is a useful improvement, so +1 (binding)
from me.
I really don't like how the Java Security classes work, so I would have
preferred to avoid emulating them, but the KIP is consistent with previous
related KIPs and that's the direction we chose previously. Also, I think I
might have tried to reduce the number of configs from 2 to 1 (in broker and
client) by relying more on Java, but I don't have a concrete proposal and
it would result in a larger API surface area.
Ismael
On Thu, Apr 6, 2017 at 2:53 AM, Rajini Sivaram <ra...@gmail.com>
wrote:
> Hi all,
>
> I would like to start the voting process for KIP-86:
>
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 86%3A+Configurable+SASL+callback+handlers
>
> The KIP makes callback handlers for SASL configurable to make it simpler to
> integrate with custom authentication database or custom authentication
> servers. This is particularly useful for SASL/PLAIN where the
> implementation in Kafka based on credentials stored in jaas.conf is not
> suitable for production use. It is also useful for SCRAM in environments
> where ZooKeeper is not secure.
>
> Thank you...
>
> Regards,
>
> Rajini
>
Re: [VOTE] KIP-86: Configurable SASL callback handlers
Posted by Ted Yu <yu...@gmail.com>.
+1
-------- Original message --------From: Manikumar <ma...@gmail.com> Date: 1/24/18 3:07 AM (GMT-08:00) To: dev@kafka.apache.org Subject: Re: [VOTE] KIP-86: Configurable SASL callback handlers
Hi,
+1 (non-binding)
Thanks for the KIP.
On Wed, Jan 24, 2018 at 5:00 AM, Jun Rao <ju...@confluent.io> wrote:
> Hi, Rajini,
>
> Thanks for the KIP. +1 from me.
>
> Jun
>
> On Thu, Jan 18, 2018 at 8:58 AM, tao xiao <xi...@gmail.com> wrote:
>
> > +1 (non-binding)
> >
> > On Fri, 19 Jan 2018 at 00:47 Rajini Sivaram <ra...@gmail.com>
> > wrote:
> >
> > > Hi all,
> > >
> > > I would like to restart the vote for KIP-86:
> > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-86
> > > %3A+Configurable+SASL+callback+handlers
> > >
> > > The KIP makes callback handlers for SASL configurable to make it
> simpler
> > to
> > > integrate with custom authentication database or custom authentication
> > > servers. This is particularly useful for SASL/PLAIN where the
> > > implementation in Kafka based on credentials stored in jaas.conf is not
> > > suitable for production use. It is also useful for SCRAM in
> environments
> > > where ZooKeeper is not secure. The KIP has also been updated to
> simplify
> > > addition of new SASL mechanisms by making the Login class configurable.
> > >
> > > The PR for the KIP has been rebased and updated (
> > > https://github.com/apache/kafka/pull/2022)
> > >
> > > Thank you,
> > >
> > > Rajini
> > >
> > >
> > >
> > > On Mon, Dec 11, 2017 at 2:22 PM, Ted Yu <yu...@gmail.com> wrote:
> > >
> > > > +1
> > > > -------- Original message --------From: Tom Bentley <
> > > t.j.bentley@gmail.com>
> > > > Date: 12/11/17 6:06 AM (GMT-08:00) To: dev@kafka.apache.org
> Subject:
> > > > Re: [VOTE] KIP-86: Configurable SASL callback handlers
> > > > +1 (non-binding)
> > > >
> > > > On 5 May 2017 at 11:57, Mickael Maison <mi...@gmail.com>
> > wrote:
> > > >
> > > > > Thanks for the KIP Rajini, this will significantly simplify
> providing
> > > > > custom credential providers
> > > > > +1 (non binding)
> > > > >
> > > > > On Wed, May 3, 2017 at 8:25 AM, Rajini Sivaram <
> > > rajinisivaram@gmail.com>
> > > > > wrote:
> > > > > > Can we have some more reviews or votes for this KIP to include in
> > > > > 0.11.0.0?
> > > > > > It is not a breaking change and the code is ready for
> integration,
> > so
> > > > it
> > > > > > will be good to get it in if possible.
> > > > > >
> > > > > > Ismael/Jun, since you had reviewed the KIP earlier, can you let
> me
> > > know
> > > > > if
> > > > > > I can do anything more to get your votes?
> > > > > >
> > > > > >
> > > > > > Thank you,
> > > > > >
> > > > > > Rajini
> > > > > >
> > > > > >
> > > > > > On Mon, Apr 10, 2017 at 12:18 PM, Edoardo Comar <
> ECOMAR@uk.ibm.com
> > >
> > > > > wrote:
> > > > > >
> > > > > >> +1 (non binding)
> > > > > >> many thanks Rajini !
> > > > > >>
> > > > > >> --------------------------------------------------
> > > > > >> Edoardo Comar
> > > > > >> IBM MessageHub
> > > > > >> ecomar@uk.ibm.com
> > > > > >> IBM UK Ltd, Hursley Park, SO21 2JN
> > > > > >>
> > > > > >> IBM United Kingdom Limited Registered in England and Wales with
> > > number
> > > > > >> 741598 Registered office: PO Box 41, North Harbour, Portsmouth,
> > > Hants.
> > > > > PO6
> > > > > >> 3AU
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> From: Rajini Sivaram <ra...@gmail.com>
> > > > > >> To: dev@kafka.apache.org
> > > > > >> Date: 06/04/2017 10:53
> > > > > >> Subject: [VOTE] KIP-86: Configurable SASL callback
> handlers
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> Hi all,
> > > > > >>
> > > > > >> I would like to start the voting process for KIP-86:
> > > > > >>
> > > > > >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> > > > > >> 86%3A+Configurable+SASL+callback+handlers
> > > > > >>
> > > > > >>
> > > > > >> The KIP makes callback handlers for SASL configurable to make it
> > > > simpler
> > > > > >> to
> > > > > >> integrate with custom authentication database or custom
> > > authentication
> > > > > >> servers. This is particularly useful for SASL/PLAIN where the
> > > > > >> implementation in Kafka based on credentials stored in jaas.conf
> > is
> > > > not
> > > > > >> suitable for production use. It is also useful for SCRAM in
> > > > environments
> > > > > >> where ZooKeeper is not secure.
> > > > > >>
> > > > > >> Thank you...
> > > > > >>
> > > > > >> Regards,
> > > > > >>
> > > > > >> Rajini
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> Unless stated otherwise above:
> > > > > >> IBM United Kingdom Limited - Registered in England and Wales
> with
> > > > number
> > > > > >> 741598.
> > > > > >> Registered office: PO Box 41, North Harbour, Portsmouth,
> Hampshire
> > > PO6
> > > > > 3AU
> > > > > >>
> > > > >
> > > >
> > >
> >
>
Re: [VOTE] KIP-86: Configurable SASL callback handlers
Posted by Manikumar <ma...@gmail.com>.
Hi,
+1 (non-binding)
Thanks for the KIP.
On Wed, Jan 24, 2018 at 5:00 AM, Jun Rao <ju...@confluent.io> wrote:
> Hi, Rajini,
>
> Thanks for the KIP. +1 from me.
>
> Jun
>
> On Thu, Jan 18, 2018 at 8:58 AM, tao xiao <xi...@gmail.com> wrote:
>
> > +1 (non-binding)
> >
> > On Fri, 19 Jan 2018 at 00:47 Rajini Sivaram <ra...@gmail.com>
> > wrote:
> >
> > > Hi all,
> > >
> > > I would like to restart the vote for KIP-86:
> > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-86
> > > %3A+Configurable+SASL+callback+handlers
> > >
> > > The KIP makes callback handlers for SASL configurable to make it
> simpler
> > to
> > > integrate with custom authentication database or custom authentication
> > > servers. This is particularly useful for SASL/PLAIN where the
> > > implementation in Kafka based on credentials stored in jaas.conf is not
> > > suitable for production use. It is also useful for SCRAM in
> environments
> > > where ZooKeeper is not secure. The KIP has also been updated to
> simplify
> > > addition of new SASL mechanisms by making the Login class configurable.
> > >
> > > The PR for the KIP has been rebased and updated (
> > > https://github.com/apache/kafka/pull/2022)
> > >
> > > Thank you,
> > >
> > > Rajini
> > >
> > >
> > >
> > > On Mon, Dec 11, 2017 at 2:22 PM, Ted Yu <yu...@gmail.com> wrote:
> > >
> > > > +1
> > > > -------- Original message --------From: Tom Bentley <
> > > t.j.bentley@gmail.com>
> > > > Date: 12/11/17 6:06 AM (GMT-08:00) To: dev@kafka.apache.org
> Subject:
> > > > Re: [VOTE] KIP-86: Configurable SASL callback handlers
> > > > +1 (non-binding)
> > > >
> > > > On 5 May 2017 at 11:57, Mickael Maison <mi...@gmail.com>
> > wrote:
> > > >
> > > > > Thanks for the KIP Rajini, this will significantly simplify
> providing
> > > > > custom credential providers
> > > > > +1 (non binding)
> > > > >
> > > > > On Wed, May 3, 2017 at 8:25 AM, Rajini Sivaram <
> > > rajinisivaram@gmail.com>
> > > > > wrote:
> > > > > > Can we have some more reviews or votes for this KIP to include in
> > > > > 0.11.0.0?
> > > > > > It is not a breaking change and the code is ready for
> integration,
> > so
> > > > it
> > > > > > will be good to get it in if possible.
> > > > > >
> > > > > > Ismael/Jun, since you had reviewed the KIP earlier, can you let
> me
> > > know
> > > > > if
> > > > > > I can do anything more to get your votes?
> > > > > >
> > > > > >
> > > > > > Thank you,
> > > > > >
> > > > > > Rajini
> > > > > >
> > > > > >
> > > > > > On Mon, Apr 10, 2017 at 12:18 PM, Edoardo Comar <
> ECOMAR@uk.ibm.com
> > >
> > > > > wrote:
> > > > > >
> > > > > >> +1 (non binding)
> > > > > >> many thanks Rajini !
> > > > > >>
> > > > > >> --------------------------------------------------
> > > > > >> Edoardo Comar
> > > > > >> IBM MessageHub
> > > > > >> ecomar@uk.ibm.com
> > > > > >> IBM UK Ltd, Hursley Park, SO21 2JN
> > > > > >>
> > > > > >> IBM United Kingdom Limited Registered in England and Wales with
> > > number
> > > > > >> 741598 Registered office: PO Box 41, North Harbour, Portsmouth,
> > > Hants.
> > > > > PO6
> > > > > >> 3AU
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> From: Rajini Sivaram <ra...@gmail.com>
> > > > > >> To: dev@kafka.apache.org
> > > > > >> Date: 06/04/2017 10:53
> > > > > >> Subject: [VOTE] KIP-86: Configurable SASL callback
> handlers
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> Hi all,
> > > > > >>
> > > > > >> I would like to start the voting process for KIP-86:
> > > > > >>
> > > > > >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> > > > > >> 86%3A+Configurable+SASL+callback+handlers
> > > > > >>
> > > > > >>
> > > > > >> The KIP makes callback handlers for SASL configurable to make it
> > > > simpler
> > > > > >> to
> > > > > >> integrate with custom authentication database or custom
> > > authentication
> > > > > >> servers. This is particularly useful for SASL/PLAIN where the
> > > > > >> implementation in Kafka based on credentials stored in jaas.conf
> > is
> > > > not
> > > > > >> suitable for production use. It is also useful for SCRAM in
> > > > environments
> > > > > >> where ZooKeeper is not secure.
> > > > > >>
> > > > > >> Thank you...
> > > > > >>
> > > > > >> Regards,
> > > > > >>
> > > > > >> Rajini
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> Unless stated otherwise above:
> > > > > >> IBM United Kingdom Limited - Registered in England and Wales
> with
> > > > number
> > > > > >> 741598.
> > > > > >> Registered office: PO Box 41, North Harbour, Portsmouth,
> Hampshire
> > > PO6
> > > > > 3AU
> > > > > >>
> > > > >
> > > >
> > >
> >
>
Re: [VOTE] KIP-86: Configurable SASL callback handlers
Posted by Jun Rao <ju...@confluent.io>.
Hi, Rajini,
Thanks for the KIP. +1 from me.
Jun
On Thu, Jan 18, 2018 at 8:58 AM, tao xiao <xi...@gmail.com> wrote:
> +1 (non-binding)
>
> On Fri, 19 Jan 2018 at 00:47 Rajini Sivaram <ra...@gmail.com>
> wrote:
>
> > Hi all,
> >
> > I would like to restart the vote for KIP-86:
> > https://cwiki.apache.org/confluence/display/KAFKA/KIP-86
> > %3A+Configurable+SASL+callback+handlers
> >
> > The KIP makes callback handlers for SASL configurable to make it simpler
> to
> > integrate with custom authentication database or custom authentication
> > servers. This is particularly useful for SASL/PLAIN where the
> > implementation in Kafka based on credentials stored in jaas.conf is not
> > suitable for production use. It is also useful for SCRAM in environments
> > where ZooKeeper is not secure. The KIP has also been updated to simplify
> > addition of new SASL mechanisms by making the Login class configurable.
> >
> > The PR for the KIP has been rebased and updated (
> > https://github.com/apache/kafka/pull/2022)
> >
> > Thank you,
> >
> > Rajini
> >
> >
> >
> > On Mon, Dec 11, 2017 at 2:22 PM, Ted Yu <yu...@gmail.com> wrote:
> >
> > > +1
> > > -------- Original message --------From: Tom Bentley <
> > t.j.bentley@gmail.com>
> > > Date: 12/11/17 6:06 AM (GMT-08:00) To: dev@kafka.apache.org Subject:
> > > Re: [VOTE] KIP-86: Configurable SASL callback handlers
> > > +1 (non-binding)
> > >
> > > On 5 May 2017 at 11:57, Mickael Maison <mi...@gmail.com>
> wrote:
> > >
> > > > Thanks for the KIP Rajini, this will significantly simplify providing
> > > > custom credential providers
> > > > +1 (non binding)
> > > >
> > > > On Wed, May 3, 2017 at 8:25 AM, Rajini Sivaram <
> > rajinisivaram@gmail.com>
> > > > wrote:
> > > > > Can we have some more reviews or votes for this KIP to include in
> > > > 0.11.0.0?
> > > > > It is not a breaking change and the code is ready for integration,
> so
> > > it
> > > > > will be good to get it in if possible.
> > > > >
> > > > > Ismael/Jun, since you had reviewed the KIP earlier, can you let me
> > know
> > > > if
> > > > > I can do anything more to get your votes?
> > > > >
> > > > >
> > > > > Thank you,
> > > > >
> > > > > Rajini
> > > > >
> > > > >
> > > > > On Mon, Apr 10, 2017 at 12:18 PM, Edoardo Comar <ECOMAR@uk.ibm.com
> >
> > > > wrote:
> > > > >
> > > > >> +1 (non binding)
> > > > >> many thanks Rajini !
> > > > >>
> > > > >> --------------------------------------------------
> > > > >> Edoardo Comar
> > > > >> IBM MessageHub
> > > > >> ecomar@uk.ibm.com
> > > > >> IBM UK Ltd, Hursley Park, SO21 2JN
> > > > >>
> > > > >> IBM United Kingdom Limited Registered in England and Wales with
> > number
> > > > >> 741598 Registered office: PO Box 41, North Harbour, Portsmouth,
> > Hants.
> > > > PO6
> > > > >> 3AU
> > > > >>
> > > > >>
> > > > >>
> > > > >> From: Rajini Sivaram <ra...@gmail.com>
> > > > >> To: dev@kafka.apache.org
> > > > >> Date: 06/04/2017 10:53
> > > > >> Subject: [VOTE] KIP-86: Configurable SASL callback handlers
> > > > >>
> > > > >>
> > > > >>
> > > > >> Hi all,
> > > > >>
> > > > >> I would like to start the voting process for KIP-86:
> > > > >>
> > > > >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> > > > >> 86%3A+Configurable+SASL+callback+handlers
> > > > >>
> > > > >>
> > > > >> The KIP makes callback handlers for SASL configurable to make it
> > > simpler
> > > > >> to
> > > > >> integrate with custom authentication database or custom
> > authentication
> > > > >> servers. This is particularly useful for SASL/PLAIN where the
> > > > >> implementation in Kafka based on credentials stored in jaas.conf
> is
> > > not
> > > > >> suitable for production use. It is also useful for SCRAM in
> > > environments
> > > > >> where ZooKeeper is not secure.
> > > > >>
> > > > >> Thank you...
> > > > >>
> > > > >> Regards,
> > > > >>
> > > > >> Rajini
> > > > >>
> > > > >>
> > > > >>
> > > > >> Unless stated otherwise above:
> > > > >> IBM United Kingdom Limited - Registered in England and Wales with
> > > number
> > > > >> 741598.
> > > > >> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire
> > PO6
> > > > 3AU
> > > > >>
> > > >
> > >
> >
>
Re: [VOTE] KIP-86: Configurable SASL callback handlers
Posted by tao xiao <xi...@gmail.com>.
+1 (non-binding)
On Fri, 19 Jan 2018 at 00:47 Rajini Sivaram <ra...@gmail.com> wrote:
> Hi all,
>
> I would like to restart the vote for KIP-86:
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-86
> %3A+Configurable+SASL+callback+handlers
>
> The KIP makes callback handlers for SASL configurable to make it simpler to
> integrate with custom authentication database or custom authentication
> servers. This is particularly useful for SASL/PLAIN where the
> implementation in Kafka based on credentials stored in jaas.conf is not
> suitable for production use. It is also useful for SCRAM in environments
> where ZooKeeper is not secure. The KIP has also been updated to simplify
> addition of new SASL mechanisms by making the Login class configurable.
>
> The PR for the KIP has been rebased and updated (
> https://github.com/apache/kafka/pull/2022)
>
> Thank you,
>
> Rajini
>
>
>
> On Mon, Dec 11, 2017 at 2:22 PM, Ted Yu <yu...@gmail.com> wrote:
>
> > +1
> > -------- Original message --------From: Tom Bentley <
> t.j.bentley@gmail.com>
> > Date: 12/11/17 6:06 AM (GMT-08:00) To: dev@kafka.apache.org Subject:
> > Re: [VOTE] KIP-86: Configurable SASL callback handlers
> > +1 (non-binding)
> >
> > On 5 May 2017 at 11:57, Mickael Maison <mi...@gmail.com> wrote:
> >
> > > Thanks for the KIP Rajini, this will significantly simplify providing
> > > custom credential providers
> > > +1 (non binding)
> > >
> > > On Wed, May 3, 2017 at 8:25 AM, Rajini Sivaram <
> rajinisivaram@gmail.com>
> > > wrote:
> > > > Can we have some more reviews or votes for this KIP to include in
> > > 0.11.0.0?
> > > > It is not a breaking change and the code is ready for integration, so
> > it
> > > > will be good to get it in if possible.
> > > >
> > > > Ismael/Jun, since you had reviewed the KIP earlier, can you let me
> know
> > > if
> > > > I can do anything more to get your votes?
> > > >
> > > >
> > > > Thank you,
> > > >
> > > > Rajini
> > > >
> > > >
> > > > On Mon, Apr 10, 2017 at 12:18 PM, Edoardo Comar <EC...@uk.ibm.com>
> > > wrote:
> > > >
> > > >> +1 (non binding)
> > > >> many thanks Rajini !
> > > >>
> > > >> --------------------------------------------------
> > > >> Edoardo Comar
> > > >> IBM MessageHub
> > > >> ecomar@uk.ibm.com
> > > >> IBM UK Ltd, Hursley Park, SO21 2JN
> > > >>
> > > >> IBM United Kingdom Limited Registered in England and Wales with
> number
> > > >> 741598 Registered office: PO Box 41, North Harbour, Portsmouth,
> Hants.
> > > PO6
> > > >> 3AU
> > > >>
> > > >>
> > > >>
> > > >> From: Rajini Sivaram <ra...@gmail.com>
> > > >> To: dev@kafka.apache.org
> > > >> Date: 06/04/2017 10:53
> > > >> Subject: [VOTE] KIP-86: Configurable SASL callback handlers
> > > >>
> > > >>
> > > >>
> > > >> Hi all,
> > > >>
> > > >> I would like to start the voting process for KIP-86:
> > > >>
> > > >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> > > >> 86%3A+Configurable+SASL+callback+handlers
> > > >>
> > > >>
> > > >> The KIP makes callback handlers for SASL configurable to make it
> > simpler
> > > >> to
> > > >> integrate with custom authentication database or custom
> authentication
> > > >> servers. This is particularly useful for SASL/PLAIN where the
> > > >> implementation in Kafka based on credentials stored in jaas.conf is
> > not
> > > >> suitable for production use. It is also useful for SCRAM in
> > environments
> > > >> where ZooKeeper is not secure.
> > > >>
> > > >> Thank you...
> > > >>
> > > >> Regards,
> > > >>
> > > >> Rajini
> > > >>
> > > >>
> > > >>
> > > >> Unless stated otherwise above:
> > > >> IBM United Kingdom Limited - Registered in England and Wales with
> > number
> > > >> 741598.
> > > >> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire
> PO6
> > > 3AU
> > > >>
> > >
> >
>
Re: [VOTE] KIP-86: Configurable SASL callback handlers
Posted by Rajini Sivaram <ra...@gmail.com>.
Hi all,
I would like to restart the vote for KIP-86:
https://cwiki.apache.org/confluence/display/KAFKA/KIP-86
%3A+Configurable+SASL+callback+handlers
The KIP makes callback handlers for SASL configurable to make it simpler to
integrate with custom authentication database or custom authentication
servers. This is particularly useful for SASL/PLAIN where the
implementation in Kafka based on credentials stored in jaas.conf is not
suitable for production use. It is also useful for SCRAM in environments
where ZooKeeper is not secure. The KIP has also been updated to simplify
addition of new SASL mechanisms by making the Login class configurable.
The PR for the KIP has been rebased and updated (
https://github.com/apache/kafka/pull/2022)
Thank you,
Rajini
On Mon, Dec 11, 2017 at 2:22 PM, Ted Yu <yu...@gmail.com> wrote:
> +1
> -------- Original message --------From: Tom Bentley <t....@gmail.com>
> Date: 12/11/17 6:06 AM (GMT-08:00) To: dev@kafka.apache.org Subject:
> Re: [VOTE] KIP-86: Configurable SASL callback handlers
> +1 (non-binding)
>
> On 5 May 2017 at 11:57, Mickael Maison <mi...@gmail.com> wrote:
>
> > Thanks for the KIP Rajini, this will significantly simplify providing
> > custom credential providers
> > +1 (non binding)
> >
> > On Wed, May 3, 2017 at 8:25 AM, Rajini Sivaram <ra...@gmail.com>
> > wrote:
> > > Can we have some more reviews or votes for this KIP to include in
> > 0.11.0.0?
> > > It is not a breaking change and the code is ready for integration, so
> it
> > > will be good to get it in if possible.
> > >
> > > Ismael/Jun, since you had reviewed the KIP earlier, can you let me know
> > if
> > > I can do anything more to get your votes?
> > >
> > >
> > > Thank you,
> > >
> > > Rajini
> > >
> > >
> > > On Mon, Apr 10, 2017 at 12:18 PM, Edoardo Comar <EC...@uk.ibm.com>
> > wrote:
> > >
> > >> +1 (non binding)
> > >> many thanks Rajini !
> > >>
> > >> --------------------------------------------------
> > >> Edoardo Comar
> > >> IBM MessageHub
> > >> ecomar@uk.ibm.com
> > >> IBM UK Ltd, Hursley Park, SO21 2JN
> > >>
> > >> IBM United Kingdom Limited Registered in England and Wales with number
> > >> 741598 Registered office: PO Box 41, North Harbour, Portsmouth, Hants.
> > PO6
> > >> 3AU
> > >>
> > >>
> > >>
> > >> From: Rajini Sivaram <ra...@gmail.com>
> > >> To: dev@kafka.apache.org
> > >> Date: 06/04/2017 10:53
> > >> Subject: [VOTE] KIP-86: Configurable SASL callback handlers
> > >>
> > >>
> > >>
> > >> Hi all,
> > >>
> > >> I would like to start the voting process for KIP-86:
> > >>
> > >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> > >> 86%3A+Configurable+SASL+callback+handlers
> > >>
> > >>
> > >> The KIP makes callback handlers for SASL configurable to make it
> simpler
> > >> to
> > >> integrate with custom authentication database or custom authentication
> > >> servers. This is particularly useful for SASL/PLAIN where the
> > >> implementation in Kafka based on credentials stored in jaas.conf is
> not
> > >> suitable for production use. It is also useful for SCRAM in
> environments
> > >> where ZooKeeper is not secure.
> > >>
> > >> Thank you...
> > >>
> > >> Regards,
> > >>
> > >> Rajini
> > >>
> > >>
> > >>
> > >> Unless stated otherwise above:
> > >> IBM United Kingdom Limited - Registered in England and Wales with
> number
> > >> 741598.
> > >> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6
> > 3AU
> > >>
> >
>
Re: [VOTE] KIP-86: Configurable SASL callback handlers
Posted by Ted Yu <yu...@gmail.com>.
+1
-------- Original message --------From: Tom Bentley <t....@gmail.com> Date: 12/11/17 6:06 AM (GMT-08:00) To: dev@kafka.apache.org Subject: Re: [VOTE] KIP-86: Configurable SASL callback handlers
+1 (non-binding)
On 5 May 2017 at 11:57, Mickael Maison <mi...@gmail.com> wrote:
> Thanks for the KIP Rajini, this will significantly simplify providing
> custom credential providers
> +1 (non binding)
>
> On Wed, May 3, 2017 at 8:25 AM, Rajini Sivaram <ra...@gmail.com>
> wrote:
> > Can we have some more reviews or votes for this KIP to include in
> 0.11.0.0?
> > It is not a breaking change and the code is ready for integration, so it
> > will be good to get it in if possible.
> >
> > Ismael/Jun, since you had reviewed the KIP earlier, can you let me know
> if
> > I can do anything more to get your votes?
> >
> >
> > Thank you,
> >
> > Rajini
> >
> >
> > On Mon, Apr 10, 2017 at 12:18 PM, Edoardo Comar <EC...@uk.ibm.com>
> wrote:
> >
> >> +1 (non binding)
> >> many thanks Rajini !
> >>
> >> --------------------------------------------------
> >> Edoardo Comar
> >> IBM MessageHub
> >> ecomar@uk.ibm.com
> >> IBM UK Ltd, Hursley Park, SO21 2JN
> >>
> >> IBM United Kingdom Limited Registered in England and Wales with number
> >> 741598 Registered office: PO Box 41, North Harbour, Portsmouth, Hants.
> PO6
> >> 3AU
> >>
> >>
> >>
> >> From: Rajini Sivaram <ra...@gmail.com>
> >> To: dev@kafka.apache.org
> >> Date: 06/04/2017 10:53
> >> Subject: [VOTE] KIP-86: Configurable SASL callback handlers
> >>
> >>
> >>
> >> Hi all,
> >>
> >> I would like to start the voting process for KIP-86:
> >>
> >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> >> 86%3A+Configurable+SASL+callback+handlers
> >>
> >>
> >> The KIP makes callback handlers for SASL configurable to make it simpler
> >> to
> >> integrate with custom authentication database or custom authentication
> >> servers. This is particularly useful for SASL/PLAIN where the
> >> implementation in Kafka based on credentials stored in jaas.conf is not
> >> suitable for production use. It is also useful for SCRAM in environments
> >> where ZooKeeper is not secure.
> >>
> >> Thank you...
> >>
> >> Regards,
> >>
> >> Rajini
> >>
> >>
> >>
> >> Unless stated otherwise above:
> >> IBM United Kingdom Limited - Registered in England and Wales with number
> >> 741598.
> >> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6
> 3AU
> >>
>
Re: [VOTE] KIP-86: Configurable SASL callback handlers
Posted by Tom Bentley <t....@gmail.com>.
+1 (non-binding)
On 5 May 2017 at 11:57, Mickael Maison <mi...@gmail.com> wrote:
> Thanks for the KIP Rajini, this will significantly simplify providing
> custom credential providers
> +1 (non binding)
>
> On Wed, May 3, 2017 at 8:25 AM, Rajini Sivaram <ra...@gmail.com>
> wrote:
> > Can we have some more reviews or votes for this KIP to include in
> 0.11.0.0?
> > It is not a breaking change and the code is ready for integration, so it
> > will be good to get it in if possible.
> >
> > Ismael/Jun, since you had reviewed the KIP earlier, can you let me know
> if
> > I can do anything more to get your votes?
> >
> >
> > Thank you,
> >
> > Rajini
> >
> >
> > On Mon, Apr 10, 2017 at 12:18 PM, Edoardo Comar <EC...@uk.ibm.com>
> wrote:
> >
> >> +1 (non binding)
> >> many thanks Rajini !
> >>
> >> --------------------------------------------------
> >> Edoardo Comar
> >> IBM MessageHub
> >> ecomar@uk.ibm.com
> >> IBM UK Ltd, Hursley Park, SO21 2JN
> >>
> >> IBM United Kingdom Limited Registered in England and Wales with number
> >> 741598 Registered office: PO Box 41, North Harbour, Portsmouth, Hants.
> PO6
> >> 3AU
> >>
> >>
> >>
> >> From: Rajini Sivaram <ra...@gmail.com>
> >> To: dev@kafka.apache.org
> >> Date: 06/04/2017 10:53
> >> Subject: [VOTE] KIP-86: Configurable SASL callback handlers
> >>
> >>
> >>
> >> Hi all,
> >>
> >> I would like to start the voting process for KIP-86:
> >>
> >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> >> 86%3A+Configurable+SASL+callback+handlers
> >>
> >>
> >> The KIP makes callback handlers for SASL configurable to make it simpler
> >> to
> >> integrate with custom authentication database or custom authentication
> >> servers. This is particularly useful for SASL/PLAIN where the
> >> implementation in Kafka based on credentials stored in jaas.conf is not
> >> suitable for production use. It is also useful for SCRAM in environments
> >> where ZooKeeper is not secure.
> >>
> >> Thank you...
> >>
> >> Regards,
> >>
> >> Rajini
> >>
> >>
> >>
> >> Unless stated otherwise above:
> >> IBM United Kingdom Limited - Registered in England and Wales with number
> >> 741598.
> >> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6
> 3AU
> >>
>
Re: [VOTE] KIP-86: Configurable SASL callback handlers
Posted by Mickael Maison <mi...@gmail.com>.
Thanks for the KIP Rajini, this will significantly simplify providing
custom credential providers
+1 (non binding)
On Wed, May 3, 2017 at 8:25 AM, Rajini Sivaram <ra...@gmail.com> wrote:
> Can we have some more reviews or votes for this KIP to include in 0.11.0.0?
> It is not a breaking change and the code is ready for integration, so it
> will be good to get it in if possible.
>
> Ismael/Jun, since you had reviewed the KIP earlier, can you let me know if
> I can do anything more to get your votes?
>
>
> Thank you,
>
> Rajini
>
>
> On Mon, Apr 10, 2017 at 12:18 PM, Edoardo Comar <EC...@uk.ibm.com> wrote:
>
>> +1 (non binding)
>> many thanks Rajini !
>>
>> --------------------------------------------------
>> Edoardo Comar
>> IBM MessageHub
>> ecomar@uk.ibm.com
>> IBM UK Ltd, Hursley Park, SO21 2JN
>>
>> IBM United Kingdom Limited Registered in England and Wales with number
>> 741598 Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6
>> 3AU
>>
>>
>>
>> From: Rajini Sivaram <ra...@gmail.com>
>> To: dev@kafka.apache.org
>> Date: 06/04/2017 10:53
>> Subject: [VOTE] KIP-86: Configurable SASL callback handlers
>>
>>
>>
>> Hi all,
>>
>> I would like to start the voting process for KIP-86:
>>
>> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
>> 86%3A+Configurable+SASL+callback+handlers
>>
>>
>> The KIP makes callback handlers for SASL configurable to make it simpler
>> to
>> integrate with custom authentication database or custom authentication
>> servers. This is particularly useful for SASL/PLAIN where the
>> implementation in Kafka based on credentials stored in jaas.conf is not
>> suitable for production use. It is also useful for SCRAM in environments
>> where ZooKeeper is not secure.
>>
>> Thank you...
>>
>> Regards,
>>
>> Rajini
>>
>>
>>
>> Unless stated otherwise above:
>> IBM United Kingdom Limited - Registered in England and Wales with number
>> 741598.
>> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
>>
Re: [VOTE] KIP-86: Configurable SASL callback handlers
Posted by Rajini Sivaram <ra...@gmail.com>.
Can we have some more reviews or votes for this KIP to include in 0.11.0.0?
It is not a breaking change and the code is ready for integration, so it
will be good to get it in if possible.
Ismael/Jun, since you had reviewed the KIP earlier, can you let me know if
I can do anything more to get your votes?
Thank you,
Rajini
On Mon, Apr 10, 2017 at 12:18 PM, Edoardo Comar <EC...@uk.ibm.com> wrote:
> +1 (non binding)
> many thanks Rajini !
>
> --------------------------------------------------
> Edoardo Comar
> IBM MessageHub
> ecomar@uk.ibm.com
> IBM UK Ltd, Hursley Park, SO21 2JN
>
> IBM United Kingdom Limited Registered in England and Wales with number
> 741598 Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6
> 3AU
>
>
>
> From: Rajini Sivaram <ra...@gmail.com>
> To: dev@kafka.apache.org
> Date: 06/04/2017 10:53
> Subject: [VOTE] KIP-86: Configurable SASL callback handlers
>
>
>
> Hi all,
>
> I would like to start the voting process for KIP-86:
>
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 86%3A+Configurable+SASL+callback+handlers
>
>
> The KIP makes callback handlers for SASL configurable to make it simpler
> to
> integrate with custom authentication database or custom authentication
> servers. This is particularly useful for SASL/PLAIN where the
> implementation in Kafka based on credentials stored in jaas.conf is not
> suitable for production use. It is also useful for SCRAM in environments
> where ZooKeeper is not secure.
>
> Thank you...
>
> Regards,
>
> Rajini
>
>
>
> Unless stated otherwise above:
> IBM United Kingdom Limited - Registered in England and Wales with number
> 741598.
> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
>
Re: [VOTE] KIP-86: Configurable SASL callback handlers
Posted by Edoardo Comar <EC...@uk.ibm.com>.
+1 (non binding)
many thanks Rajini !
--------------------------------------------------
Edoardo Comar
IBM MessageHub
ecomar@uk.ibm.com
IBM UK Ltd, Hursley Park, SO21 2JN
IBM United Kingdom Limited Registered in England and Wales with number
741598 Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6
3AU
From: Rajini Sivaram <ra...@gmail.com>
To: dev@kafka.apache.org
Date: 06/04/2017 10:53
Subject: [VOTE] KIP-86: Configurable SASL callback handlers
Hi all,
I would like to start the voting process for KIP-86:
https://cwiki.apache.org/confluence/display/KAFKA/KIP-86%3A+Configurable+SASL+callback+handlers
The KIP makes callback handlers for SASL configurable to make it simpler
to
integrate with custom authentication database or custom authentication
servers. This is particularly useful for SASL/PLAIN where the
implementation in Kafka based on credentials stored in jaas.conf is not
suitable for production use. It is also useful for SCRAM in environments
where ZooKeeper is not secure.
Thank you...
Regards,
Rajini
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU