Hi Harsha, Thanks for the review.
With this KIP a designated superuser can create tokens without requiring individual user credentials. Any client can authenticate brokers using the created tokens. We may not call this as impersonation, since the clients API calls are executing on their own authenticated connections. Thanks, Manikumar On Fri, Dec 7, 2018 at 11:56 PM Harsha <ka...@harsha.io> wrote: > Hi Mani, > Overall KIP looks good to me. Can we call this Impersonation > support, which is what the KIP is doing? > Also instead of using super.uses as the config which essentially giving > cluster-wide support to the users, we can introduce impersonation.users as > a config and users listed in the config are allowed to impersonate other > users. > > Thanks, > Harsha > > > On Fri, Dec 7, 2018, at 3:58 AM, Manikumar wrote: > > Bump up! to get some attention. > > > > BTW, recently Apache Spark added support for Kafka delegation token. > > https://issues.apache.org/jira/browse/SPARK-25501 > > > > On Fri, Dec 7, 2018 at 5:27 PM Manikumar <manikumar.re...@gmail.com> > wrote: > > > > > Bump up! to get some attention. > > > > > > BTW, recently Apache Spark added for Kafka delegation token support. > > > https://issues.apache.org/jira/browse/SPARK-25501 > > > > > > On Tue, Sep 25, 2018 at 9:56 PM Manikumar <manikumar.re...@gmail.com> > > > wrote: > > > > > >> Hi all, > > >> > > >> I have created a KIP that proposes to allow users to create delegation > > >> tokens for other users. > > >> > > >> > > >> > https://cwiki.apache.org/confluence/display/KAFKA/KIP-373%3A+Allow+users+to+create+delegation+tokens+for+other+users > > >> > > >> Please take a look when you get a chance. > > >> > > >> Thanks, > > >> Manikumar > > >> > > > >
