-
Notifications
You must be signed in to change notification settings - Fork 340
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication using SASL #119
Comments
@dasch Apparently it doesn't work with v0.9, and we're exploring the possibility of rewriting it with ruby-kafka. One requirements we hear from Fluentd users are, they want Kerberos support to publish events to Kafka. I just saw this ticket but are you now working on this right now? If not, are you open to merge the changes we'll make? I'm just curious how important this is for you at this point. cc/ @repeatedly |
@kzk that sounds great! I'm not working on Kerberos support, so by all means go ahead :-) If you need help we can set up a call – otherwise, a work-in-progress PR could be a good starting point. |
@dasch I'm on adding SASL (kerberos) to ruby-kafka right now, as we need it. It seems to be working, so I'll create some pull request soon. Have to add support and tests for SASL_SSL then too. |
@tmeinlschmidt We are also in need of this feature for a project we're working on, so we'd be more than happy to help in whatever capacity possible. We were literally about to start doing this ourselves, so we are very thankful to have seen your comment :) We don't have a strong Ruby background on the team but willing to do what we can to help. We are not currently using SSL, so we may not be able to assist much there, unfortunately. |
- some refactoring of connection, as it needs to send messages prior to GSSAPI authentication - gssapi gem required - using constants instead of plain integers in api keys
Hey all, pushed some initial code for SASL/GSSAPI authentication. Working on adding some more tests and docs. |
@tmeinlschmidt I think that code is being overly intrusive - can you make a change within the confines of the existing design? Feel free to create a PR with design changes separately, although I won't promise that I'll merge it. |
The problem is - SASL needs to send some kafka messages before any auth can be made. that's the reason I cut ConnectionOperation out from Connection class. Is there any specific part you want to change/rewrite? |
@tmeinlschmidt can you start by opening a PR? That makes commenting a lot easier. |
@dasch when support the SASL/PLAIN? our team will use kafka replace with redis recently. I find only your gem support SASL. if not, I think we will create a new branch for this functionality. |
I would like to add PLAIN to SASL auth then as well. |
Initial commit of SASL/GSSAPI support (#119)
+1 for SASL/PLAIN |
+1 I need SASL/PLAIN support as well. |
@tmeinlschmidt would you want to head this or should we let one of these enthusiasts give it a go? |
Done! |
any update?now fluentd-plugin-kafa support sasl ? i saw your comments about ruby kafak. it just provides principal and keytab, not krb5.conf, how get kerberos server addr without krb5.conf? |
same question |
I think it was done here - #370 |
http://kafka.apache.org/documentation.html#security_sasl
The text was updated successfully, but these errors were encountered: