Current state: Discarded
Discussion thread: here
JIRA: KAFKA-4180 - Shared authentication with multiple active Kafka producers/consumers Resolved
KAFKA-3302 - Pass kerberos keytab and principal as part of client config Resolved
Currently the Kafka java client does not support different login contexts from within the same JVM.
IBM MessageHub has encountered many users asking for this functionality, e.g. having multiple consumers and producers in a single JVM that consumer/produce to different Kafka clusters, each requiring specific credentials.
This KIP becomes trivial after KIP-85: Dynamic JAAS configuration for Kafka clients
KIP-85 not only makes multi login easy to implement, but also removes the need for a pluggable interface to retrieve credentials not stored in jaas.conf
LoginManager should no longer be a singleton.
On the client side, LoginManager caching will be keyed on the jaas configuration object.
Compatibility, Deprecation, and Migration Plan
- The old
PlainLoginModuleand its expected
jaas.confformat can remain unchanged for backward compatibility for users that don't require the new functionality
This KIP is based on previous work by Rajini Sivaram. Thanks Rajini!