[ https://issues.apache.org/jira/browse/KAFKA-3199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16043484#comment-16043484 ]
Ji sun commented on KAFKA-3199: ------------------------------- Hi Adam, do you mind me taking this jira for Kafka 0.10? > LoginManager should allow using an existing Subject > --------------------------------------------------- > > Key: KAFKA-3199 > URL: https://issues.apache.org/jira/browse/KAFKA-3199 > Project: Kafka > Issue Type: Improvement > Components: security > Affects Versions: 0.9.0.0 > Reporter: Adam Kunicki > Assignee: Adam Kunicki > Priority: Critical > > LoginManager currently creates a new Login in the constructor which then > performs a login and starts a ticket renewal thread. The problem here is that > because Kafka performs its own login, it doesn't offer the ability to re-use > an existing subject that's already managed by the client application. > The goal of LoginManager appears to be to be able to return a valid Subject. > It would be a simple fix to have LoginManager.acquireLoginManager() check for > a new config e.g. kerberos.use.existing.subject. > This would instead of creating a new Login in the constructor simply call > Subject.getSubject(AccessController.getContext()); to use the already logged > in Subject. > This is also doable without introducing a new configuration and simply > checking if there is already a valid Subject available, but I think it may be > preferable to require that users explicitly request this behavior. -- This message was sent by Atlassian JIRA (v6.3.15#6346)