KIP-373 — Allow users to create delegation tokens for other users
Accepted Kafka 3.3 Security
Allows users with sufficient privilege to create delegation tokens on behalf of other users by adding an optional `owner_principal` field to the `CreateDelegationToken` request. Previously, delegation tokens could only be created for the currently authenticated user, preventing service accounts and administrators from pre-provisioning tokens for other principals.
Protocol Impact
CreateAcls · CreateDelegationToken · DeleteAcls · DescribeAcls · DescribeDelegationToken
Details
| Author | Manikumar Reddy O. |
| Status | Accepted |
| Kafka Version | 3.3 |
| JIRA | KAFKA-6945 |
| Wiki | View on Apache Wiki |
| Created | 2018-09-18 |
| Last Modified | 2020-01-31 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.