This repository has been archived by the owner on Mar 29, 2023. It is now read-only.
[FEAT] Add support for Kafka Authentication #169
Labels
data-collector
enhancement
New feature or request
report-parser
slack-connector
wontfix
This will not be worked on
Comments
DanHatesNumbers
added
enhancement
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Is your feature request related to a problem? Please describe.
As a Kiln Administrator
I want Kiln components to add support for Kafka authentication
So that I can control access to my Kafka cluster
Describe the solution you'd like
Kafka supports a number of authentication mechanisms: GSSAPI (Kerberos), Plain, OAuthBearer, SASL SCRAM, Delegation tokens and mutually authenticated TLS. Kiln components should add support for at least one of these mechanisms to allow Kafka clusters to disallow unauthenticated connections.
Additional context
Simplest approach that maintains reasonable security is probably SASL SCRAM. We're already requiring that Kiln connects over TLS, this provides a salted challenge-response mechanism (https://tools.ietf.org/html/rfc5802 for details) and doesn't have the added complexity of managing client certificates.
The text was updated successfully, but these errors were encountered: