[ https://issues.apache.org/jira/browse/KAFKA-9933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17098824#comment-17098824 ]
kaushik srinivas commented on KAFKA-9933: ----------------------------------------- Hi [~ijuma] Need your inputs. We enable both SASL and SSL with flavours of GSSAPI and PLAIN mechanisms both in varied deployments. Thanks, kaushik > Need doc update on the AclAuthorizer when SASL_SSL is the protocol used. > ------------------------------------------------------------------------ > > Key: KAFKA-9933 > URL: https://issues.apache.org/jira/browse/KAFKA-9933 > Project: Kafka > Issue Type: Bug > Components: security > Affects Versions: 2.4.1 > Reporter: kaushik srinivas > Priority: Critical > > Hello, > Document on the usage of the authorizer does not speak about the principal > being used when the protocol for the listener is chosen as SASL + SSL > (SASL_SSL). > Suppose kerberos and ssl is enabled together, will the authorization be based > on the kerberos principal names or on the ssl certificate DN names ? > There is no document covering this part of the use case. > This needs information and documentation update. > Thanks, > Kaushik. -- This message was sent by Atlassian Jira (v8.3.4#803005)