KIP-282 — Add the listener name to the authentication context
Accepted Kafka 2.0 SecurityBroker
Adds the listener name to the AuthenticationContext passed to Kafka's pluggable PrincipalBuilder, allowing principal mapping logic to vary per listener (e.g., map clients differently on the internal vs external listener). Without the listener name, PrincipalBuilder implementations had to infer the listener from the client's IP address, which is fragile in NAT or load-balanced environments.
Details
| Author | Mickael Maison |
| Status | Accepted |
| Kafka Version | 2.0 |
| JIRA | KAFKA-6750 |
| Wiki | View on Apache Wiki |
| Created | 2018-04-05 |
| Last Modified | 2018-05-16 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.