-
-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SASL SCRAM support #24
Comments
Should be SCRAM be performed by clients i.e. pass through the proxy or initiated by the proxy i.e. hidden to the clients ? Both options are supported for PLAINTEXT. Feel free to contribute. |
Our usecase would do plaintext to the proxy then scram over SSL/TLS out to the brokers. I am looking at adding support now. I would like your input on how I am going about it. Add new command line parameters to the server: Add a new struct called SASLSCRAMAuth. Am I missing anything? |
In general that's it. Additionally proxy/client.go sets the implementation, config/config.go validates the params. There is a SASL plugin mechanism I used for OAUTHBEARER but it doesn't have to be used for SCRAM. Just do what you think is reasonable ;-) |
Thank you for your contribution! |
release version v0.1.3 |
We have been using the proxy with great success to date using both PLAINTEXT and SSL endpoints. We are now wanting to do SASL authentication with SCRAM (our hosting provider uses SCRAM256 rather than PLAIN).
As best I can tell kafka-proxy currently doesn't have support for this.
I believe I will need to add a *Auth struct in sasl_by_proxy.go to handle the SCRAM portion as well as providing some command line parameters.
Any chance someone has worked on this already and has some code sitting around? If not I will likely get started hacking away.
The text was updated successfully, but these errors were encountered: