From 36b53f487778e919dfe6a5940dc25c552444cc7c Mon Sep 17 00:00:00 2001
From: the-sea <huhaiyang2@huawei.com>
Date: Fri, 31 Aug 2018 21:03:26 +0800
Subject: add kerberos domain name config for gssapi sasl mechanism handshake
 (#1542)

---
 kafka/conn.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'kafka/conn.py')

diff --git a/kafka/conn.py b/kafka/conn.py
index 122297b..ccaa2ed 100644
--- a/kafka/conn.py
+++ b/kafka/conn.py
@@ -176,6 +176,8 @@ class BrokerConnection(object):
             Default: None
         sasl_kerberos_service_name (str): Service name to include in GSSAPI
             sasl mechanism handshake. Default: 'kafka'
+        sasl_kerberos_domain_name (str): kerberos domain name to use in GSSAPI
+            sasl mechanism handshake. Default: one of bootstrap servers
     """
 
     DEFAULT_CONFIG = {
@@ -206,7 +208,8 @@ class BrokerConnection(object):
         'sasl_mechanism': 'PLAIN',
         'sasl_plain_username': None,
         'sasl_plain_password': None,
-        'sasl_kerberos_service_name': 'kafka'
+        'sasl_kerberos_service_name': 'kafka',
+        'sasl_kerberos_domain_name': None
     }
     SECURITY_PROTOCOLS = ('PLAINTEXT', 'SSL', 'SASL_PLAINTEXT', 'SASL_SSL')
     SASL_MECHANISMS = ('PLAIN', 'GSSAPI')
@@ -567,7 +570,8 @@ class BrokerConnection(object):
         return future.success(True)
 
     def _try_authenticate_gssapi(self, future):
-        auth_id = self.config['sasl_kerberos_service_name'] + '@' + self.host
+        kerberos_damin_name = self.config['sasl_kerberos_domain_name'] or self.host
+        auth_id = self.config['sasl_kerberos_service_name'] + '@' + kerberos_damin_name
         gssapi_name = gssapi.Name(
             auth_id,
             name_type=gssapi.NameType.hostbased_service
-- 
cgit v1.2.1