add kerberos domain name config for gssapi sasl mechanism handshake (#1542)

author: the-sea <huhaiyang2@huawei.com> 2018-08-31 21:03:26 +0800
committer: Dana Powers <dana.powers@gmail.com> 2018-08-31 06:03:26 -0700
commit: 36b53f487778e919dfe6a5940dc25c552444cc7c (patch)
tree: eeb843fbdaf059c964a5f16b5b8ba82735ea43d1
parent: a7d3063d5fa1c3cb2a76c16231bb3028a6f8cde9 (diff)
download: kafka-python-36b53f487778e919dfe6a5940dc25c552444cc7c.tar.gz
4 files changed, 17 insertions, 4 deletions
diff --git a/kafka/client_async.py b/kafka/client_async.py
index c0072ae..5a161bb 100644
--- a/kafka/client_async.py
+++ b/kafka/client_async.py
@@ -145,6 +145,8 @@ class KafkaClient(object):
             Default: None
         sasl_kerberos_service_name (str): Service name to include in GSSAPI
             sasl mechanism handshake. Default: 'kafka'
+        sasl_kerberos_domain_name (str): kerberos domain name to use in GSSAPI
+            sasl mechanism handshake. Default: one of bootstrap servers
     """
 
     DEFAULT_CONFIG = {
@@ -180,6 +182,7 @@ class KafkaClient(object):
         'sasl_plain_username': None,
         'sasl_plain_password': None,
         'sasl_kerberos_service_name': 'kafka',
+        'sasl_kerberos_domain_name': None
     }
 
     def __init__(self, **configs):
diff --git a/kafka/conn.py b/kafka/conn.py
index 122297b..ccaa2ed 100644
--- a/kafka/conn.py
+++ b/kafka/conn.py
@@ -176,6 +176,8 @@ class BrokerConnection(object):
             Default: None
         sasl_kerberos_service_name (str): Service name to include in GSSAPI
             sasl mechanism handshake. Default: 'kafka'
+        sasl_kerberos_domain_name (str): kerberos domain name to use in GSSAPI
+            sasl mechanism handshake. Default: one of bootstrap servers
     """
 
     DEFAULT_CONFIG = {
@@ -206,7 +208,8 @@ class BrokerConnection(object):
         'sasl_mechanism': 'PLAIN',
         'sasl_plain_username': None,
         'sasl_plain_password': None,
-        'sasl_kerberos_service_name': 'kafka'
+        'sasl_kerberos_service_name': 'kafka',
+        'sasl_kerberos_domain_name': None
     }
     SECURITY_PROTOCOLS = ('PLAINTEXT', 'SSL', 'SASL_PLAINTEXT', 'SASL_SSL')
     SASL_MECHANISMS = ('PLAIN', 'GSSAPI')
@@ -567,7 +570,8 @@ class BrokerConnection(object):
         return future.success(True)
 
     def _try_authenticate_gssapi(self, future):
-        auth_id = self.config['sasl_kerberos_service_name'] + '@' + self.host
+        kerberos_damin_name = self.config['sasl_kerberos_domain_name'] or self.host
+        auth_id = self.config['sasl_kerberos_service_name'] + '@' + kerberos_damin_name
         gssapi_name = gssapi.Name(
             auth_id,
             name_type=gssapi.NameType.hostbased_service
diff --git a/kafka/consumer/group.py b/kafka/consumer/group.py
index 1c3ec63..279cce0 100644
--- a/kafka/consumer/group.py
+++ b/kafka/consumer/group.py
@@ -240,6 +240,8 @@ class KafkaConsumer(six.Iterator):
             Default: None
         sasl_kerberos_service_name (str): Service name to include in GSSAPI
             sasl mechanism handshake. Default: 'kafka'
+        sasl_kerberos_domain_name (str): kerberos domain name to use in GSSAPI
+            sasl mechanism handshake. Default: one of bootstrap servers
 
     Note:
         Configuration parameters are described in more detail at
@@ -298,7 +300,8 @@ class KafkaConsumer(six.Iterator):
         'sasl_mechanism': None,
         'sasl_plain_username': None,
         'sasl_plain_password': None,
-        'sasl_kerberos_service_name': 'kafka'
+        'sasl_kerberos_service_name': 'kafka',
+        'sasl_kerberos_domain_name': None
     }
     DEFAULT_SESSION_TIMEOUT_MS_0_9 = 30000
 
diff --git a/kafka/producer/kafka.py b/kafka/producer/kafka.py
index d8fb5dc..24b58fe 100644
--- a/kafka/producer/kafka.py
+++ b/kafka/producer/kafka.py
@@ -270,6 +270,8 @@ class KafkaProducer(object):
             Default: None
         sasl_kerberos_service_name (str): Service name to include in GSSAPI
             sasl mechanism handshake. Default: 'kafka'
+        sasl_kerberos_domain_name (str): kerberos domain name to use in GSSAPI
+            sasl mechanism handshake. Default: one of bootstrap servers
 
     Note:
         Configuration parameters are described in more detail at
@@ -319,7 +321,8 @@ class KafkaProducer(object):
         'sasl_mechanism': None,
         'sasl_plain_username': None,
         'sasl_plain_password': None,
-        'sasl_kerberos_service_name': 'kafka'
+        'sasl_kerberos_service_name': 'kafka',
+        'sasl_kerberos_domain_name': None
     }
 
     _COMPRESSORS = {
author	the-sea <huhaiyang2@huawei.com>	2018-08-31 21:03:26 +0800
committer	Dana Powers <dana.powers@gmail.com>	2018-08-31 06:03:26 -0700
commit	36b53f487778e919dfe6a5940dc25c552444cc7c (patch)
tree	eeb843fbdaf059c964a5f16b5b8ba82735ea43d1
parent	a7d3063d5fa1c3cb2a76c16231bb3028a6f8cde9 (diff)
download	kafka-python-36b53f487778e919dfe6a5940dc25c552444cc7c.tar.gz