...
bin/kafka-configs.sh --zookeeper localhost:2181 --alter --delete-config 'scram-sha-256,
scram-sha-512
' --entity-type users
--entity-name alice
Extensions to support Delegation tokens
KIP-48 addresses support for delegation tokens in Kafka. SCRAM is a suitable mechanism for authentication using delegation tokens. KIP-48 proposes to persist credentials for delegation tokens in Zookeeper which includes the Kafka principal as the token owner. Clients authenticate using SCRAM-SHA-256, providing the delegation token HMAC as password.
SCRAM messages have an optional extensions field which is a comma-separated list of key=value
pairs. An extension will be added to the first client SCRAM message to indicate that authentication is being requested for a delegation token. This will enable Kafka broker to obtain credentials and principal using a different code path for delegation tokens.
Compatibility, Deprecation, and Migration Plan
...