...

Sample configuration for user credentials

// SCRAM credentials for user alice: Zookeeper persistence path /config/users/alice
{
        "version":1,
        "config": {
          "SCRAM-SHA-512" : "salt=djR5dXdtZGNqamVpeml6NGhiZmMwY3hrbg==,stored_key=sb5jkqStV9RwPVTGxG1ZJHxF89bqjsD1jT4S...==,server_key=...,iterations=4096",
          "SCRAM-SHA-256" : "salt=10ibs0z7xzlu6w5ns0n188sis5,stored_key=+Acl/wi1vLZ95Uqj8rRHVcSp6qrdfQIwZbaZBwM0yvo=,server_key=nN+fZauE6vG0hmFAEj/49+2yk0803y67WSXMYkgh77k=,iterations=4096"
        }
};

For each supported mechanism, a new property is added with the mechanism name in lower case. The value of the property is a comma-separated list of key-value pairs similar to SCRAM messages and has the following elements:

...

kafka-configs.sh will be extended to support management of credentials in Zookeeper as dynamic properties of users. Two new properties will be supported for entity type users, one for each mechanism with the name of the mechanism in lower case. For ease of use, the tool will take a password and an optional iteration count and generate a random salt, ServerKey and StoredKey as specified in RFC 5802. For example:

bin/kafka-configs.sh --zookeeper localhost:2181 --alter --add-config 'SCRAM-SHA-256=[iterations=4096,password=alice-secret],SCRAM-SHA-512=[password=alice-secret]' --entity-type users --entity-name alice
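The RFC 5802 derivation described above, as an added Python example that is not part of this page or of Kafka's code: it turns a password and iteration count into the stored `salt=...,stored_key=...,server_key=...,iterations=...` value and checks a candidate password against it. The function names, the 16-byte salt length and the plain UTF-8 password encoding (no SASLprep normalization, so ASCII passwords are assumed) are assumptions of this example.

```python
import base64, hashlib, hmac, os

# Mechanism name -> hash function name (assumption: only these two are configured)
MECHANISMS = {"SCRAM-SHA-256": "sha256", "SCRAM-SHA-512": "sha512"}

def _hmac(key, msg, algo):
    return hmac.new(key, msg, algo).digest()

def make_credential(mechanism, password, iterations=4096, salt=None):
    """Build the 'salt=...,stored_key=...,server_key=...,iterations=N' value."""
    algo = MECHANISMS[mechanism]
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per user
    # RFC 5802: SaltedPassword := Hi(password, salt, i), which is PBKDF2 with HMAC
    salted = hashlib.pbkdf2_hmac(algo, password.encode("utf-8"), salt, iterations)
    client_key = _hmac(salted, b"Client Key", algo)
    stored_key = hashlib.new(algo, client_key).digest()  # StoredKey := H(ClientKey)
    server_key = _hmac(salted, b"Server Key", algo)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return (f"salt={b64(salt)},stored_key={b64(stored_key)},"
            f"server_key={b64(server_key)},iterations={iterations}")

def parse_credential(value):
    """Split the stored value on the first '=' only, since base64 pads with '='."""
    fields = dict(item.strip().partition("=")[::2] for item in value.split(","))
    return {
        "salt": base64.b64decode(fields["salt"]),
        "stored_key": base64.b64decode(fields["stored_key"]),
        "server_key": base64.b64decode(fields["server_key"]),
        "iterations": int(fields["iterations"]),
    }

def password_matches(mechanism, value, password):
    """Recompute StoredKey from a candidate password; compare in constant time."""
    cred = parse_credential(value)
    candidate = parse_credential(
        make_credential(mechanism, password, cred["iterations"], cred["salt"]))
    return hmac.compare_digest(candidate["stored_key"], cred["stored_key"])

if __name__ == "__main__":
    value = make_credential("SCRAM-SHA-256", "alice-secret")  # constructed sample
    print("SCRAM-SHA-256=[" + value + "]")
    print(password_matches("SCRAM-SHA-256", value, "alice-secret"))
```

The stored value never contains the password, but anyone who can read it can run offline guesses at the cost of one PBKDF2 computation per guess, so the iteration count and access to the credential store both matter.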

...

Configs for user-principal 'alice' are SCRAM-SHA-512=[salt=djR5dXdtZGNqamVpeml6NGhiZmMwY3hrbg==,stored_key=sb5jkqStV9RwPVTGxG1ZJHxF89bqjsD1jT4SFDK4An2goSnWpbNdY0nkq0fNV8xFcZqb7MVMJ1tyEgif5OXKDQ==, server_key=3EfuHB4LPOcjDH0O5AysSSPiLskQfM5K9+mOzGmkixasmWEGJWZv7svtgkP+acO2Q9ms9WQQ9EndAJCvKHmjjg==,iterations=4096],SCRAM-SHA-256=[salt=10ibs0z7xzlu6w5ns0n188sis5,stored_key=+Acl/wi1vLZ95Uqj8rRHVcSp6qrdfQIwZbaZBwM0yvo=,server_key=nN+fZauE6vG0hmFAEj/49+2yk0803y67WSXMYkgh77k=,iterations=4096]

...

bin/kafka-configs.sh --zookeeper localhost:2181 --alter --delete-config 'SCRAM-SHA-256,SCRAM-SHA-512' --entity-type users --entity-name alice

...