THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Client flow:
- If
sasl.mechanismis not GSSAPI, send a Kafka handshake request packet with the mechanism name to the server. Otherwise go to Step 3.- Request Format: |
Kafka RequestHeader|Kafka SaslHandhsakeRequestSaslHandshakeRequest|
- Request Format: |
- Wait for response from the server. If the error code in the response is non-zero, indicating failure, report the error and fail authentication.
- Perform SASL authentication with the configured client mechanism. SASL authentication packets do not contain a Kafka RequestHeader.
- Client token Format: |
Size (int16int32)|SASL client authentication token|
- Client token Format: |
Server flow:
- Wait for first authentication packet from client
- If this packet is a not valid Kafka handshake request, go to Step 4 and process this packet as the first GSSAPI client token
- If the client mechanism in the Kafka handshake request received in Step 2 is enabled in the broker, send a response with error code zero and start authentication using the specified mechanism. Otherwise, send an error response including the list of enabled mechanisms and fail authentication.
- Response Format: |
Kafka ResponseHeader|Kafka SaslHandhsakeResponseSaslHandshakeResponse|
- Response Format: |
- Perform SASL authentication with the selected mechanism. If mechanism exchange was skipped, process the initial packet that was received from the client first. SASL authentication packets are expected without a Kafka RequestHeader until SASL authentication exchange completes. SASL server authentication packets are sent back without a Kafka response header.
- Server token Format: |
Size (int16int32)|SASL server authentication token|
- Server token Format: |
...