...

Current state: "DISCUSSION"

Discussion thread: here

JIRA: KAFKA-1696 

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

...

The current approach requires a deployment whenever the secret needs to be rotated. If we want rotation to be automated and more frequent, we can offload the responsibility of secret generation to the controller.

 

Details

 

...

Wire Protocol Extensions

...

Server-side Admin Request handlers

SCRAM Extensions:
SCRAM messages have an optional extensions field, which is a comma-separated list of key=value pairs.
After KIP-84 is implemented, an extension will be added to the first client SCRAM message to indicate
that authentication is being requested for a delegation token. This will enable the Kafka broker to obtain
the credentials and principal using a different code path for delegation tokens.
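
The broker-side branch described above, as an added example (not code from this KIP or from Kafka): it parses an RFC 5802 client-first message, reads the extensions, and selects the credential store without ever falling back to the other one. The extension key `tokenauth`, the function names and the sample stores are assumptions made for illustration.

```python
import re

# Assumption: this page does not name the extension key; "tokenauth" is illustrative.
TOKEN_EXT = "tokenauth"

# gs2-header, n=<user>, r=<nonce>, optional ",key=value" extensions.
# A reserved "m=" attribute does not match and is therefore rejected.
_CLIENT_FIRST = re.compile(
    r"(?:[ny]|p=[A-Za-z0-9.\-]+),(?:a=[^,]*)?,"
    r"n=(?P<user>(?:[^,=]|=2C|=3D)+),"
    r"r=(?P<nonce>[\x21-\x2b\x2d-\x7e]+)"
    r"(?P<ext>(?:,[A-Za-z]+=[^,]+)*)"
)

def parse_client_first(msg):
    """Return (username, nonce, extensions) from a SCRAM client-first message."""
    m = _CLIENT_FIRST.fullmatch(msg)
    if m is None:
        raise ValueError("malformed SCRAM client-first message")
    extensions = {}
    for pair in filter(None, m.group("ext").split(",")):
        key, value = pair.split("=", 1)
        if key in extensions:
            raise ValueError("duplicate extension: " + key)
        extensions[key] = value
    # Undo saslname escaping: "=2C" is a comma, "=3D" is an equals sign.
    user = re.sub(r"=(2C|3D)", lambda e: "," if e.group(1) == "2C" else "=",
                  m.group("user"))
    return user, m.group("nonce"), extensions

def resolve_principal(msg, user_store, token_store):
    """Pick the credential path from the extension; return (kind, principal).
    Extensions other than TOKEN_EXT are ignored, as RFC 5802 requires."""
    user, _nonce, ext = parse_client_first(msg)
    flag = ext.get(TOKEN_EXT)
    if flag is None:
        kind, store = "user", user_store      # ordinary SCRAM user
    elif flag == "true":
        kind, store = "token", token_store    # username carries the token ID
    else:
        raise ValueError("invalid value for " + TOKEN_EXT)
    if user not in store:
        # Fail closed: the flag is unauthenticated client input, so an
        # identity missing from the selected store is never looked up elsewhere.
        raise LookupError("unknown " + kind + " identity")
    return kind, store[user]

# Constructed sample data: identity -> principal the session would run as.
USERS = {"alice": "User:alice"}
TOKENS = {"tkn-01": "User:bob"}
```
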

...

DelegationToken Client

...

Command line tool

We will provide a CLI to acquire, renew, and invalidate/expire delegation tokens.

...

Changes to Java Clients (producer/consumer)

KIP-85 allows dynamic JAAS configuration for Kafka clients. With this we can easily configure the
delegation token for SCRAM-SHA-256 authentication.

...