Gwen, Thank you for reviewing the KIP.
There has been interest in making the password verification in SASL/PLAIN more pluggable. So I think it makes sense to have a pluggable interface that can be adopted for any SASL mechanism rather than just SCRAM. With the current proposal, you can plugin another Scram SaslServer implementation with a different password store. This is similar to the current SASL/PLAIN implementation. I agree that it will be good to make password stores more pluggable rather than require users to override the whole SaslServer. I was going to look into this later, but I can do it as part of this KIP. Will update the KIP with a pluggable interface. Thank you, Rajini On Fri, Oct 7, 2016 at 11:37 PM, Gwen Shapira <g...@confluent.io> wrote: > Can you talk more about rejecting the option of making the password > store pluggable? I am a bit uncomfortable with making ZK the one and > only password store... > > On Tue, Oct 4, 2016 at 6:43 AM, Rajini Sivaram > <rajinisiva...@googlemail.com> wrote: > > Hi all, > > > > I have just created KIP-84 to add SCRAM-SHA-1 and SCRAM-SHA-256 SASL > > mechanisms to Kafka: > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP- > 84%3A+Support+SASL+SCRAM+mechanisms > > > > > > Comments and suggestions are welcome. > > > > Thank you... > > > > Regards, > > > > Rajini > > > > -- > Gwen Shapira > Product Manager | Confluent > 650.450.2760 | @gwenshap > Follow us: Twitter | blog > -- Regards, Rajini
