KIP-86 — Configurable SASL callback handlers
Accepted Kafka 2.0 Security
Introduces pluggable SASL callback handlers for both the client and the server side, configured through sasl.server.callback.handler.class and sasl.client.callback.handler.class, which decouple credential verification logic from the SASL mechanism implementation. Previously, Kafka's built-in SASL/PLAIN and SASL/SCRAM handlers hard-coded their credential lookups (JAAS config or ZooKeeper), so integrating an alternative credential store was impossible without replacing the entire SaslServer.
Details
| Author | Rajini Sivaram |
| Status | Accepted |
| Kafka Version | 2.0 |
| JIRA | KAFKA-4292 |
| Wiki | View on Apache Wiki |
| Created | 2016-10-11 |
| Last Modified | 2018-04-25 |
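
A server-side handler of the kind this KIP makes pluggable, for SASL/PLAIN, as an added example that is not code from the KIP or from Kafka itself. The class name, the in-memory map standing in for an external credential store, and the sample user are assumptions; AuthenticateCallbackHandler and PlainAuthenticateCallback come from the Kafka clients library.

```java
// Added example: hypothetical class, not part of Apache Kafka.
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.callback.*;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.plain.PlainAuthenticateCallback;

public class StoreBackedPlainHandler implements AuthenticateCallbackHandler {
    private static final byte[] DUMMY_SALT = new byte[16];
    // user -> {salt, PBKDF2 hash}; stands in for an external credential store (assumption).
    private final Map<String, byte[][]> store = new HashMap<>();

    static byte[] pbkdf2(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    @Override
    public void configure(Map<String, ?> configs, String mechanism, List<AppConfigurationEntry> jaasEntries) {
        try { // constructed sample record; a real handler would open its store here
            byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
            store.put("alice", new byte[][] {salt, pbkdf2("constructed-sample".toCharArray(), salt)});
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        String user = null;
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                user = ((NameCallback) cb).getDefaultName();
            } else if (cb instanceof PlainAuthenticateCallback) {
                PlainAuthenticateCallback plain = (PlainAuthenticateCallback) cb;
                byte[][] rec = user == null ? null : store.get(user);
                try { // hash even for unknown users so timing does not reveal which names exist
                    byte[] got = pbkdf2(plain.password(), rec == null ? DUMMY_SALT : rec[0]);
                    plain.authenticated(rec != null && MessageDigest.isEqual(got, rec[1]));
                } catch (GeneralSecurityException e) { throw new IOException(e); }
            } else {
                throw new UnsupportedCallbackException(cb);
            }
        }
    }
    @Override public void close() { store.clear(); }
}
```

On a broker, the sasl.server.callback.handler.class setting is given with the listener prefix and the lower-case mechanism name, for example listener.name.sasl_ssl.plain.sasl.server.callback.handler.class=StoreBackedPlainHandler. SASL/PLAIN sends the password itself to the broker, so the listener should run over TLS.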