[
https://issues.apache.org/jira/browse/KAFKA-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15123282#comment-15123282
]
ASF GitHub Bot commented on KAFKA-3166:
---------------------------------------
GitHub user ijuma opened a pull request:
https://github.com/apache/kafka/pull/830
KAFKA-3166; Disable SSL client authentication for SASL_SSL security
protocol (backport)
Backport of https://github.com/apache/kafka/pull/827 to 0.9.0 that only
includes the essential code changes (excluded the test changes due to
conflicts).
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ijuma/kafka
kafka-3166-backport-disable-ssl-auth-sasl-ssl
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/kafka/pull/830.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #830
----
commit b5513d6a1bb86c99aef81af40f63f24b005004ff
Author: Ismael Juma <ism...@juma.me.uk>
Date: 2016-01-28T19:51:14Z
SSL client authentication should be disabled for SASL_SSL security protocol
----
> Disable SSL client authentication for SASL_SSL security protocol
> ----------------------------------------------------------------
>
> Key: KAFKA-3166
> URL: https://issues.apache.org/jira/browse/KAFKA-3166
> Project: Kafka
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.9.0.0
> Reporter: Ismael Juma
> Assignee: Ismael Juma
>
> A useful scenario is for a broker to require clients to authenticate either
> via SSL or via SASL (with SASL_SSL security protocol). With the current code,
> this is not possible to achieve. If we set `ssl.client.auth` to `required`,
> then it will be required for both SSL and SASL.
> I suggest we hardcode `ssl.client.auth` to `none` for the `SASL_SSL` case.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
