Child pages
  • KIP-83 - Allow multiple SASL authenticated Java clients in a single JVM process
Skip to end of metadata
Go to start of metadata

Status

Current state: Discarded

Discussion thread: here 

JIRA: KAFKA-4180 - Shared authentication with multiple active Kafka producers/consumers Resolved

           KAFKA-3302 - Pass kerberos keytab and principal as part of client config Resolved

Motivation

Currently the Kafka java client does not support different login contexts from within the same JVM.
IBM MessageHub has encountered many users asking for this functionality, e.g. having multiple consumers and producers in a single JVM that consumer/produce to different Kafka clusters, each requiring specific credentials.

Public Interfaces

This KIP becomes trivial after KIP-85: Dynamic JAAS configuration for Kafka clients

KIP-85 not only makes multi login easy to implement, but also removes the need for a pluggable interface to retrieve credentials not stored in jaas.conf

Proposed Changes

LoginManager should no longer be a singleton.

On the client side, LoginManager caching will be keyed on the jaas configuration object.

Compatibility, Deprecation, and Migration Plan

  • The old PlainLoginModule and its expected jaas.conf format can remain unchanged for backward compatibility for users that don't require the new functionality

 

This KIP is based on previous work by Rajini Sivaram. Thanks Rajini!

  • No labels

1 Comment

  1. Hi,

            I am already working on this in another JIRA.  KAFKA-3302 - Pass kerberos keytab and principal as part of client config Resolved  .