...

The secret/masterKey is used to generate and verify delegation tokens. It is supplied through a config option. This masterKey needs to be configured on all the brokers. The current proposal does not support rotation of the masterKey; a re-deployment is required when the masterKey needs to be rotated.

Token Details in Zookeeper

Tokens are stored in Zookeeper as dynamically configurable properties under the path /tokens/<token-id>.

Delegation Token Details

// SCRAM credentials for tokenID token123: Zookeeper persistence path /tokens/token123
{
        "version":1,
        "details": {
          "owner" : "owner",
          "renewer" : "renewer",
          "maxLifeTime" : "maxLifeTime"
        }
}

 

SCRAM Extensions

SCRAM messages have an optional extensions field, which is a comma-separated list of key=value pairs.
After the KIP-84 implementation, an extension will be added to the first client SCRAM message to indicate
that authentication is being requested for a delegation token. This will enable the Kafka broker to obtain
credentials and the principal using a different code path for delegation tokens.
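
The broker-side branching described above, as an added example that is not taken from the KIP or from Kafka's code: it parses a SCRAM first client message and chooses where to look up credentials. The extension name `tokenauth`, the use of the SCRAM user name as the token ID, and all function names are assumptions; this page does not specify them.

```python
import re

TOKEN_AUTH_EXT = "tokenauth"   # assumed extension name; the page does not name it
TOKEN_PATH = "/tokens/{}"      # Zookeeper path layout described on this page

# RFC 5802 client-first-message: gs2-header, then n=<name>,r=<nonce>[,ext=value...]
CLIENT_FIRST = re.compile(
    r"^(?:n|y|p=[^,]+),(?:a=[^,]*)?,"
    r"n=(?P<name>[^,]+),r=(?P<nonce>[^,]+)"
    r"(?P<ext>(?:,[A-Za-z]+=[^,]*)*)$"
)
SAFE_ID = re.compile(r"^[A-Za-z0-9_\-]+$")  # keeps the ID from altering the path


def parse_client_first(message):
    """Return (name, nonce, extensions) or raise ValueError on malformed input."""
    m = CLIENT_FIRST.match(message)
    if m is None:
        raise ValueError("malformed client-first message")
    extensions = {}
    for pair in filter(None, m.group("ext").split(",")):
        key, value = pair.split("=", 1)
        if key in extensions:  # duplicate keys make the request ambiguous
            raise ValueError("duplicate extension: " + key)
        extensions[key] = value
    # SCRAM escapes ',' and '=' inside names as =2C and =3D
    name = m.group("name").replace("=2C", ",").replace("=3D", "=")
    return name, m.group("nonce"), extensions


def credential_source(message):
    """Pick the lookup path: ('token', zk_path) or ('user', name)."""
    name, _nonce, extensions = parse_client_first(message)
    flag = extensions.get(TOKEN_AUTH_EXT)
    if flag is None:
        return ("user", name)
    if flag != "true":  # do not fall back to user credentials silently
        raise ValueError("unsupported value for " + TOKEN_AUTH_EXT)
    if not SAFE_ID.match(name):
        raise ValueError("token ID contains characters unsafe for a path")
    return ("token", TOKEN_PATH.format(name))


# Constructed sample messages (the nonce is made up)
USER_MSG = "n,,n=alice,r=fyko+d2lbbFgONRv9qkxdawL"
TOKEN_MSG = "n,,n=token123,r=fyko+d2lbbFgONRv9qkxdawL,tokenauth=true"
```

Rejecting duplicate or unexpected extension values, rather than treating them as an ordinary user login, keeps a malformed request from being checked against the wrong credential store.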

...