Ismael,

Thank you for reviewing the KIP. I do agree that JAAS config format is not
ideal. But I wanted to solve the generic configuration issue (need for
physical file, single static config) for any SASL mechanism in an
extensible, future-proof way. And that requires the ability to configure
all the properties currently configured using the JAAS config file - login
module and all its options. It didn't make sense to define a new format to
do this when JAAS is supported by Kafka.

Kerberos is a very special case. Unlike other mechanisms, I imagine all
users of Kerberos use the login module included in the JRE. And these
modules happen to use different options depending on the vendor. I am not
very familiar with the Hadoop codebase, but it looks like Hadoop contains
code that abstracts out Kerberos options so that it works with any JRE.
This KIP does not preclude better handling for Kerberos in future.

For other mechanisms like PLAIN, we want the login module to be pluggable.
And that means the options need to be extensible. Here JAAS config enables
a format that is consistent with the JAAS config file, but without the
current limitations.


On Mon, Nov 28, 2016 at 1:00 PM, Ismael Juma <ism...@juma.me.uk> wrote:

> I'm very late to this, but better late than never, I guess. I am +1 on this
> because it improves on the status quo, satisfies a real need and is simple
> to implement.
>
> Having said that, I'd also like to state that it's a bit of a shame that we
> are doubling down on the JAAS config format. It is a peculiar format and in
> the Kerberos case (one of the common usages), it requires users to provide
> different configs depending on the Java implementation being used. It would
> be nice if we looked into abstracting some of this to make users' lives
> easier. Looking at the Hadoop codebase, it looks like they try to do that
> although I don't know how well it worked out in practice.
>
> Ismael
>
> On Tue, Nov 1, 2016 at 1:42 PM, Rajini Sivaram <rajinisiva...@googlemail.com> wrote:
>
> > KIP-85 vote has passed with 4 binding (Harsha, Gwen, Jason, Jun) and 4
> > non-binding (Mickael, Jim, Edo, me) votes.
> >
> > Thank you all for your votes and comments. I will update the KIP page and
> > rebase the PR.
> >
> > Many thanks,
> >
> > Rajini
> >
> >
> >
> > On Mon, Oct 31, 2016 at 11:29 AM, Edoardo Comar <eco...@uk.ibm.com> wrote:
> >
> > > +1 great KIP
> > > --------------------------------------------------
> > > Edoardo Comar
> > > IBM MessageHub
> > > eco...@uk.ibm.com
> > > IBM UK Ltd, Hursley Park, SO21 2JN
> > >
> > > > IBM United Kingdom Limited Registered in England and Wales with number
> > > > 741598 Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6
> > > > 3AU
> > >
> > >
> > >
> > > From:   Rajini Sivaram <rajinisiva...@googlemail.com>
> > > To:     dev@kafka.apache.org
> > > Date:   26/10/2016 16:27
> > > Subject:        [VOTE] KIP-85: Dynamic JAAS configuration for Kafka
> > > clients
> > >
> > >
> > >
> > > I would like to initiate the voting process for KIP-85: Dynamic JAAS
> > > configuration for Kafka Clients:
> > >
> > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-85%3A+Dynamic+JAAS+configuration+for+Kafka+clients
> > >
> > >
> > > > This KIP enables Java clients to connect to Kafka using SASL without a
> > > > physical jaas.conf file. This will also be useful to configure multiple
> > > > KafkaClient login contexts when multiple users are supported within a JVM.
> > >
> > > Thank you...
> > >
> > > Regards,
> > >
> > > Rajini
> > >
> > >
> > >
> >
> >
> >
> > --
> > Regards,
> >
> > Rajini
> >
>



-- 
Regards,

Rajini
