Naresh created KAFKA-12807:
------------------------------

             Summary: allow mTLS authorization based on different fields of X509 certificate
                 Key: KAFKA-12807
                 URL: https://issues.apache.org/jira/browse/KAFKA-12807
             Project: Kafka
          Issue Type: Improvement
            Reporter: Naresh


The built-in simple authorizer uses X500Principal to authorize the mTLS principals. 
There are other fields, like SAN (Subject Alternative Name) and Serial No., that can be 
used to extend the certificate properties.

Adding authorization based on SAN would help break the dependency on the 
CommonName in environments where the CommonName is used with autogenerated 
hostnames while, at the same time, the certs are used to do client auth with the 
Kafka brokers.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
