Versions Compared

Old Version 15

changes.mady.by.user Parth

Saved on

compared with

New Version 16

changes.mady.by.user Parth

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Current state["DISCUSSION"]. 

Discussion thread: here

JIRA: KAFKA-1696 

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

...

  • Let each broker generate a Random secret on each acquisition request and use this secret to generate the hmac. Broker will store the hmac in zookeeper. However as zookeeper zkClient does not support SSL the hmac will be on wire unencrypted which is not safe.A client will go to every broker and acquire token for that broker. The tokens will not be stored in zookeeper at all. The downside of this approach is anytime a new broker is added the initial client has to get notified and it has to ensure it gets token for this new broker and distributes it.
  • Use controller instead of zookeeper as the central location where tokens are generated,renewed and distributed from. You can review the discussion and pro/con here.