diff options
| author | Andre Araujo <araujo@cloudera.com> | 2017-10-25 14:04:59 -0700 |
|---|---|---|
| committer | Dana Powers <dana.powers@gmail.com> | 2017-12-26 09:49:05 -0800 |
| commit | 4cfeaca5c867e15213420caad400f5f1863f64e3 (patch) | |
| tree | 5ae006e83afa93046fd72106f072b16f84a337ab /kafka/protocol/commit.py | |
| parent | c49ae90b105fad958dbc60499aeedd27ff52416c (diff) | |
| download | kafka-python-4cfeaca5c867e15213420caad400f5f1863f64e3.tar.gz | |
Add security layer negotiation to the GSSAPI authentication. (#1283)
When trying to establish a connection with Kafka using SASL with the
GSSAPI authentication mechanism the connection was hanging an timing out
after 60 secons. On the Kafka broker side I noticed that the
SaslServerAuthenticator was going from the AUTHENTICATE to the FAILED state.
The GSSAPI auth implementation was missing the second handshake defined in
RFC 2222, which happens after the security context is established. This
handshake is used by the client and server to negotiate the security layer (QoP)
to be used for the connection.
Kafka currently only support the "auth" QoP, so the implementation in this commit
doesn't make it configurable, but this can be extended later.
With this change I was able to successfully connect to a Kerberos-enabled Kafka
broker using the SASL_PLAINTEXT protocol and the GSSAPI mechanism.
Diffstat (limited to 'kafka/protocol/commit.py')
0 files changed, 0 insertions, 0 deletions