[jira] [Commented] (KAFKA-3166) Disable SSL client authentication for SASL_SSL security protocol

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/KAFKA-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15123453#comment-15123453
 ] 

ASF GitHub Bot commented on KAFKA-3166:
---

Github user ijuma closed the pull request at:

https://github.com/apache/kafka/pull/830


> Disable SSL client authentication for SASL_SSL security protocol
> 
>
> Key: KAFKA-3166
> URL: https://issues.apache.org/jira/browse/KAFKA-3166
> Project: Kafka
>  Issue Type: Improvement
>  Components: security
>Affects Versions: 0.9.0.0
>Reporter: Ismael Juma
>Assignee: Ismael Juma
>
> A useful scenario is for a broker to require clients to authenticate either 
> via SSL or via SASL (with SASL_SSL security protocol). With the current code, 
> this is not possible to achieve. If we set `ssl.client.auth` to `required`, 
> then it will be required for both SSL and SASL.
> I suggest we hardcode `ssl.client.auth` to `none` for the `SASL_SSL` case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (KAFKA-3166) Disable SSL client authentication for SASL_SSL security protocol

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/KAFKA-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15123323#comment-15123323
 ] 

ASF GitHub Bot commented on KAFKA-3166:
---

Github user asfgit closed the pull request at:

https://github.com/apache/kafka/pull/827


> Disable SSL client authentication for SASL_SSL security protocol
> 
>
> Key: KAFKA-3166
> URL: https://issues.apache.org/jira/browse/KAFKA-3166
> Project: Kafka
>  Issue Type: Improvement
>  Components: security
>Affects Versions: 0.9.0.0
>Reporter: Ismael Juma
>Assignee: Ismael Juma
>
> A useful scenario is for a broker to require clients to authenticate either 
> via SSL or via SASL (with SASL_SSL security protocol). With the current code, 
> this is not possible to achieve. If we set `ssl.client.auth` to `required`, 
> then it will be required for both SSL and SASL.
> I suggest we hardcode `ssl.client.auth` to `none` for the `SASL_SSL` case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (KAFKA-3166) Disable SSL client authentication for SASL_SSL security protocol

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/KAFKA-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15123282#comment-15123282
 ] 

ASF GitHub Bot commented on KAFKA-3166:
---

GitHub user ijuma opened a pull request:

https://github.com/apache/kafka/pull/830

KAFKA-3166; Disable SSL client authentication for SASL_SSL security 
protocol (backport)

Backport of https://github.com/apache/kafka/pull/827 to 0.9.0 that only 
includes the essential code changes (excluded the test changes due to 
conflicts).

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/ijuma/kafka 
kafka-3166-backport-disable-ssl-auth-sasl-ssl

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/kafka/pull/830.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #830


commit b5513d6a1bb86c99aef81af40f63f24b005004ff
Author: Ismael Juma 
Date:   2016-01-28T19:51:14Z

SSL client authentication should be disabled for SASL_SSL security protocol




> Disable SSL client authentication for SASL_SSL security protocol
> 
>
> Key: KAFKA-3166
> URL: https://issues.apache.org/jira/browse/KAFKA-3166
> Project: Kafka
>  Issue Type: Improvement
>  Components: security
>Affects Versions: 0.9.0.0
>Reporter: Ismael Juma
>Assignee: Ismael Juma
>
> A useful scenario is for a broker to require clients to authenticate either 
> via SSL or via SASL (with SASL_SSL security protocol). With the current code, 
> this is not possible to achieve. If we set `ssl.client.auth` to `required`, 
> then it will be required for both SSL and SASL.
> I suggest we hardcode `ssl.client.auth` to `none` for the `SASL_SSL` case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (KAFKA-3166) Disable SSL client authentication for SASL_SSL security protocol

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/KAFKA-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15122259#comment-15122259
 ] 

ASF GitHub Bot commented on KAFKA-3166:
---

GitHub user ijuma opened a pull request:

https://github.com/apache/kafka/pull/827

KAFKA-3166; Disable SSL client authentication for SASL_SSL security protocol

Also:

* Fixed a bug in `createSslConfig` where we were always generating a
keystore even if `useClientCert` was false and `mode` was `Mode.CLIENT``.
* Pass `numRecords` to `consumerRecords` and other clean-ups (formatting 
and scaladoc).


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/ijuma/kafka 
kafka-3166-disable-ssl-auth-sasl-ssl

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/kafka/pull/827.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #827


commit a73db892c96e333bd1942655014bd34662522c39
Author: Ismael Juma 
Date:   2016-01-28T19:51:14Z

SSL client authentication should be disabled for SASL_SSL security protocol

Also fixed a bug in `createSslConfig` where we were always generating a
keystore even if `useClientCert` was false and `mode` was `Mode.CLIENT``.

commit 82652211f7de1191df9f955809cf35671e0b38c8
Author: Ismael Juma 
Date:   2016-01-28T19:56:46Z

Pass `numRecords` to `consumerRecords` and clean-ups.




> Disable SSL client authentication for SASL_SSL security protocol
> 
>
> Key: KAFKA-3166
> URL: https://issues.apache.org/jira/browse/KAFKA-3166
> Project: Kafka
>  Issue Type: Improvement
>  Components: security
>Affects Versions: 0.9.0.0
>Reporter: Ismael Juma
>Assignee: Ismael Juma
>
> A useful scenario is for a broker to require clients to authenticate either 
> via SSL or via SASL (with SASL_SSL security protocol). With the current code, 
> this is not possible to achieve. If we set `ssl.client.auth` to `required`, 
> then it will be required for both SSL and SASL.
> I suggest we hardcode `ssl.client.auth` to `none` for the `SASL_SSL` case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (KAFKA-3166) Disable SSL client authentication for SASL_SSL security protocol

[Ismael Juma (JIRA)]

[ 
https://issues.apache.org/jira/browse/KAFKA-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15122266#comment-15122266
 ] 

Ismael Juma commented on KAFKA-3166:


Thoughts [~rsivaram] [~harsha_ch]?

> Disable SSL client authentication for SASL_SSL security protocol
> 
>
> Key: KAFKA-3166
> URL: https://issues.apache.org/jira/browse/KAFKA-3166
> Project: Kafka
>  Issue Type: Improvement
>  Components: security
>Affects Versions: 0.9.0.0
>Reporter: Ismael Juma
>Assignee: Ismael Juma
>
> A useful scenario is for a broker to require clients to authenticate either 
> via SSL or via SASL (with SASL_SSL security protocol). With the current code, 
> this is not possible to achieve. If we set `ssl.client.auth` to `required`, 
> then it will be required for both SSL and SASL.
> I suggest we hardcode `ssl.client.auth` to `none` for the `SASL_SSL` case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)