KIP-371 — Add a configuration to build custom SSL principal name
Accepted Kafka 2.2 Security
Adds an `ssl.principal.mapping.rules` config that accepts a list of regex substitution rules to transform an SSL certificate's X.500 Distinguished Name into a short `KafkaPrincipal` username. By default, SSL principals are the full DN string (`CN=writeuser,OU=Unknown,...`), which is unwieldy for ACLs and operator tooling.
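The mapping described above, modelled in Python as an added example (not code from the KIP or from Kafka), with a check for rule sets that collapse distinct certificates onto one principal, which matters because ACLs are keyed on the mapped name. It assumes the `RULE:pattern/replacement/[LU]` and `DEFAULT` rule syntax from the Kafka documentation and first-match-wins evaluation; the function names, rule sets and DNs are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: rules use the RULE:pattern/replacement/[LU] and DEFAULT syntax from
# the Kafka documentation. They are passed as a list here so the commas inside
# DN patterns never have to be split. This is a simplified model, not Kafka code.
RULE_RE = re.compile(r"RULE:(?P<pat>(?:\\.|[^\\/])*)/(?P<rep>(?:\\.|[^\\/])*)/(?P<case>[LU]?)")

def map_principal(dn, rules):
    """Return the name produced by the first matching rule, or None if none match."""
    for rule in rules:
        if rule == "DEFAULT":
            return dn                      # DEFAULT keeps the full DN string
        m = RULE_RE.fullmatch(rule)
        if m is None:
            raise ValueError(f"malformed rule: {rule!r}")
        hit = re.fullmatch(m["pat"], dn)   # the whole DN must match the pattern
        if hit is None:
            continue
        # Expand Java-style $1 back-references from the matched groups.
        name = re.sub(r"\$(\d)", lambda g: hit.group(int(g.group(1))) or "", m["rep"])
        return {"L": name.lower(), "U": name.upper()}.get(m["case"], name)
    return None

def find_collisions(dns, rules):
    """Group DNs by mapped principal; return names shared by more than one DN."""
    by_name = defaultdict(list)
    for dn in dns:
        by_name[map_principal(dn, rules)].append(dn)
    return {name: group for name, group in by_name.items() if len(group) > 1}

# Constructed sample DNs, not taken from any real CA.
SAMPLE_DNS = [
    "CN=writeuser,OU=Payments,O=Example,L=Unknown,ST=Unknown,C=US",
    "CN=writeuser,OU=Contractors,O=Example,L=Unknown,ST=Unknown,C=US",
    "CN=ReadUser,OU=Payments,O=Example,L=Unknown,ST=Unknown,C=US",
]
# Keeps only the CN, so certificates from different OUs share one principal.
BROAD = [r"RULE:^CN=(.*?),.*$/$1/L", "DEFAULT"]
# Pins the organisation and keeps the OU in the mapped name.
SCOPED = [r"RULE:^CN=(.*?),OU=(.*?),O=Example,.*$/$1@$2/L", "DEFAULT"]

if __name__ == "__main__":
    print("broad :", find_collisions(SAMPLE_DNS, BROAD))
    print("scoped:", find_collisions(SAMPLE_DNS, SCOPED))
```

Running `find_collisions` over the DNs a CA actually issues, before a rule set is deployed, shows whether any ACL would end up applying to more than one certificate.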
Details
| Field | Value |
| --- | --- |
| Author | Manikumar Reddy O. |
| Status | Accepted |
| Kafka Version | 2.2 |
| JIRA | KAFKA-5462 |
| Wiki | View on Apache Wiki |
| Created | 2018-09-05 |
| Last Modified | 2018-10-10 |