[ https://issues.apache.org/jira/browse/KAFKA-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15123282#comment-15123282 ]
ASF GitHub Bot commented on KAFKA-3166: --------------------------------------- GitHub user ijuma opened a pull request: https://github.com/apache/kafka/pull/830 KAFKA-3166; Disable SSL client authentication for SASL_SSL security protocol (backport) Backport of https://github.com/apache/kafka/pull/827 to 0.9.0 that only includes the essential code changes (excluded the test changes due to conflicts). You can merge this pull request into a Git repository by running: $ git pull https://github.com/ijuma/kafka kafka-3166-backport-disable-ssl-auth-sasl-ssl Alternatively you can review and apply these changes as the patch at: https://github.com/apache/kafka/pull/830.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #830 ---- commit b5513d6a1bb86c99aef81af40f63f24b005004ff Author: Ismael Juma <ism...@juma.me.uk> Date: 2016-01-28T19:51:14Z SSL client authentication should be disabled for SASL_SSL security protocol ---- > Disable SSL client authentication for SASL_SSL security protocol > ---------------------------------------------------------------- > > Key: KAFKA-3166 > URL: https://issues.apache.org/jira/browse/KAFKA-3166 > Project: Kafka > Issue Type: Improvement > Components: security > Affects Versions: 0.9.0.0 > Reporter: Ismael Juma > Assignee: Ismael Juma > > A useful scenario is for a broker to require clients to authenticate either > via SSL or via SASL (with SASL_SSL security protocol). With the current code, > this is not possible to achieve. If we set `ssl.client.auth` to `required`, > then it will be required for both SSL and SASL. > I suggest we hardcode `ssl.client.auth` to `none` for the `SASL_SSL` case. -- This message was sent by Atlassian JIRA (v6.3.4#6332)