You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by BigData dev <bi...@gmail.com> on 2016/12/09 18:40:56 UTC
Reg: ACLS
Hi All,
I have a question here, Does Kafka support ACL's with out kerberos/SSL?
Any info on this would be greatly helpful.
Thanks
Re: Reg: ACLS
Posted by Ismael Juma <is...@juma.me.uk>.
Yes, that's correct.
Ismael
On Sat, Dec 10, 2016 at 11:02 AM, BigData dev <bi...@gmail.com>
wrote:
> Hi Ashish, Ismael
> Thanks for Info.
> So on Kafka Cluster (With out any security enabled) I can add ACLS with IP
> address.
> Is that correct?
>
>
> Thanks,
> Bharat
>
>
> On Fri, Dec 9, 2016 at 11:14 AM, Ashish Singh <as...@cloudera.com> wrote:
>
> > Ismael, thanks for the correction. I assumed the question was targeted
> for
> > without any security enabled, but yea even then IP based auth is
> possible.
> >
> > On Fri, Dec 9, 2016 at 11:01 AM, Ismael Juma <is...@juma.me.uk> wrote:
> >
> > > It is possible to use ACLs with IPs or other SASL mechanisms (PLAIN for
> > > example). So Kerberos and SSL are not required (although commonly
> used).
> > >
> > > Ismael
> > >
> > > On Fri, Dec 9, 2016 at 6:59 PM, Ashish Singh <as...@cloudera.com>
> > wrote:
> > >
> > > > Hey,
> > > >
> > > > No it does not. Without kerberos or ssl, all requests will appear to
> > come
> > > > from anonymous user, and as long as a user is not identified it is
> not
> > > > possible to do authorization on.
> > > >
> > > > On Fri, Dec 9, 2016 at 10:40 AM, BigData dev <
> bigdatadevguy@gmail.com>
> > > > wrote:
> > > >
> > > > > Hi All,
> > > > > I have a question here, Does Kafka support ACL's with out
> > kerberos/SSL?
> > > > >
> > > > > Any info on this would be greatly helpful.
> > > > >
> > > > >
> > > > > Thanks
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > Regards,
> > > > Ashish
> > > >
> > >
> >
> >
> >
> > --
> >
> > Regards,
> > Ashish
> >
>
Re: Reg: ACLS
Posted by Manikumar <ma...@gmail.com>.
The default principal for Plaintext transport is "ANONYMOUS".
On Sun, Dec 11, 2016 at 12:58 AM, BigData dev <bi...@gmail.com>
wrote:
> Hi,
>
> bin/kafka-acls.sh --topic kafka-testtopic --add -allow-host 9.30.15.19
> --operation Write --authorizer-properties
> zookeeper.connect=hostname.abc.com:2181
>
> Below message I am getting.
> You must specify one of: --allow-principal, --deny-principal when
> trying to add ACLs.
>
> So, as kerberos is not enabled what will be the allow-principal value.
>
> Any information on this would be greatly helpful.
>
>
>
> Thanks
>
> On Sat, Dec 10, 2016 at 11:02 AM, BigData dev <bi...@gmail.com>
> wrote:
>
> > Hi Ashish, Ismael
> > Thanks for Info.
> > So on Kafka Cluster (With out any security enabled) I can add ACLS with
> IP
> > address.
> > Is that correct?
> >
> >
> > Thanks,
> > Bharat
> >
> >
> > On Fri, Dec 9, 2016 at 11:14 AM, Ashish Singh <as...@cloudera.com>
> wrote:
> >
> >> Ismael, thanks for the correction. I assumed the question was targeted
> for
> >> without any security enabled, but yea even then IP based auth is
> possible.
> >>
> >> On Fri, Dec 9, 2016 at 11:01 AM, Ismael Juma <is...@juma.me.uk> wrote:
> >>
> >> > It is possible to use ACLs with IPs or other SASL mechanisms (PLAIN
> for
> >> > example). So Kerberos and SSL are not required (although commonly
> used).
> >> >
> >> > Ismael
> >> >
> >> > On Fri, Dec 9, 2016 at 6:59 PM, Ashish Singh <as...@cloudera.com>
> >> wrote:
> >> >
> >> > > Hey,
> >> > >
> >> > > No it does not. Without kerberos or ssl, all requests will appear to
> >> come
> >> > > from anonymous user, and as long as a user is not identified it is
> not
> >> > > possible to do authorization on.
> >> > >
> >> > > On Fri, Dec 9, 2016 at 10:40 AM, BigData dev <
> bigdatadevguy@gmail.com
> >> >
> >> > > wrote:
> >> > >
> >> > > > Hi All,
> >> > > > I have a question here, Does Kafka support ACL's with out
> >> kerberos/SSL?
> >> > > >
> >> > > > Any info on this would be greatly helpful.
> >> > > >
> >> > > >
> >> > > > Thanks
> >> > > >
> >> > >
> >> > >
> >> > >
> >> > > --
> >> > >
> >> > > Regards,
> >> > > Ashish
> >> > >
> >> >
> >>
> >>
> >>
> >> --
> >>
> >> Regards,
> >> Ashish
> >>
> >
> >
>
Re: Reg: ACLS
Posted by BigData dev <bi...@gmail.com>.
Hi,
bin/kafka-acls.sh --topic kafka-testtopic --add -allow-host 9.30.15.19
--operation Write --authorizer-properties
zookeeper.connect=hostname.abc.com:2181
Below message I am getting.
You must specify one of: --allow-principal, --deny-principal when
trying to add ACLs.
So, as kerberos is not enabled what will be the allow-principal value.
Any information on this would be greatly helpful.
Thanks
On Sat, Dec 10, 2016 at 11:02 AM, BigData dev <bi...@gmail.com>
wrote:
> Hi Ashish, Ismael
> Thanks for Info.
> So on Kafka Cluster (With out any security enabled) I can add ACLS with IP
> address.
> Is that correct?
>
>
> Thanks,
> Bharat
>
>
> On Fri, Dec 9, 2016 at 11:14 AM, Ashish Singh <as...@cloudera.com> wrote:
>
>> Ismael, thanks for the correction. I assumed the question was targeted for
>> without any security enabled, but yea even then IP based auth is possible.
>>
>> On Fri, Dec 9, 2016 at 11:01 AM, Ismael Juma <is...@juma.me.uk> wrote:
>>
>> > It is possible to use ACLs with IPs or other SASL mechanisms (PLAIN for
>> > example). So Kerberos and SSL are not required (although commonly used).
>> >
>> > Ismael
>> >
>> > On Fri, Dec 9, 2016 at 6:59 PM, Ashish Singh <as...@cloudera.com>
>> wrote:
>> >
>> > > Hey,
>> > >
>> > > No it does not. Without kerberos or ssl, all requests will appear to
>> come
>> > > from anonymous user, and as long as a user is not identified it is not
>> > > possible to do authorization on.
>> > >
>> > > On Fri, Dec 9, 2016 at 10:40 AM, BigData dev <bigdatadevguy@gmail.com
>> >
>> > > wrote:
>> > >
>> > > > Hi All,
>> > > > I have a question here, Does Kafka support ACL's with out
>> kerberos/SSL?
>> > > >
>> > > > Any info on this would be greatly helpful.
>> > > >
>> > > >
>> > > > Thanks
>> > > >
>> > >
>> > >
>> > >
>> > > --
>> > >
>> > > Regards,
>> > > Ashish
>> > >
>> >
>>
>>
>>
>> --
>>
>> Regards,
>> Ashish
>>
>
>
Re: Reg: ACLS
Posted by BigData dev <bi...@gmail.com>.
Hi Ashish, Ismael
Thanks for Info.
So on Kafka Cluster (With out any security enabled) I can add ACLS with IP
address.
Is that correct?
Thanks,
Bharat
On Fri, Dec 9, 2016 at 11:14 AM, Ashish Singh <as...@cloudera.com> wrote:
> Ismael, thanks for the correction. I assumed the question was targeted for
> without any security enabled, but yea even then IP based auth is possible.
>
> On Fri, Dec 9, 2016 at 11:01 AM, Ismael Juma <is...@juma.me.uk> wrote:
>
> > It is possible to use ACLs with IPs or other SASL mechanisms (PLAIN for
> > example). So Kerberos and SSL are not required (although commonly used).
> >
> > Ismael
> >
> > On Fri, Dec 9, 2016 at 6:59 PM, Ashish Singh <as...@cloudera.com>
> wrote:
> >
> > > Hey,
> > >
> > > No it does not. Without kerberos or ssl, all requests will appear to
> come
> > > from anonymous user, and as long as a user is not identified it is not
> > > possible to do authorization on.
> > >
> > > On Fri, Dec 9, 2016 at 10:40 AM, BigData dev <bi...@gmail.com>
> > > wrote:
> > >
> > > > Hi All,
> > > > I have a question here, Does Kafka support ACL's with out
> kerberos/SSL?
> > > >
> > > > Any info on this would be greatly helpful.
> > > >
> > > >
> > > > Thanks
> > > >
> > >
> > >
> > >
> > > --
> > >
> > > Regards,
> > > Ashish
> > >
> >
>
>
>
> --
>
> Regards,
> Ashish
>
Re: Reg: ACLS
Posted by Ashish Singh <as...@cloudera.com>.
Ismael, thanks for the correction. I assumed the question was targeted for
without any security enabled, but yea even then IP based auth is possible.
On Fri, Dec 9, 2016 at 11:01 AM, Ismael Juma <is...@juma.me.uk> wrote:
> It is possible to use ACLs with IPs or other SASL mechanisms (PLAIN for
> example). So Kerberos and SSL are not required (although commonly used).
>
> Ismael
>
> On Fri, Dec 9, 2016 at 6:59 PM, Ashish Singh <as...@cloudera.com> wrote:
>
> > Hey,
> >
> > No it does not. Without kerberos or ssl, all requests will appear to come
> > from anonymous user, and as long as a user is not identified it is not
> > possible to do authorization on.
> >
> > On Fri, Dec 9, 2016 at 10:40 AM, BigData dev <bi...@gmail.com>
> > wrote:
> >
> > > Hi All,
> > > I have a question here, Does Kafka support ACL's with out kerberos/SSL?
> > >
> > > Any info on this would be greatly helpful.
> > >
> > >
> > > Thanks
> > >
> >
> >
> >
> > --
> >
> > Regards,
> > Ashish
> >
>
--
Regards,
Ashish
Re: Reg: ACLS
Posted by Ismael Juma <is...@juma.me.uk>.
It is possible to use ACLs with IPs or other SASL mechanisms (PLAIN for
example). So Kerberos and SSL are not required (although commonly used).
Ismael
On Fri, Dec 9, 2016 at 6:59 PM, Ashish Singh <as...@cloudera.com> wrote:
> Hey,
>
> No it does not. Without kerberos or ssl, all requests will appear to come
> from anonymous user, and as long as a user is not identified it is not
> possible to do authorization on.
>
> On Fri, Dec 9, 2016 at 10:40 AM, BigData dev <bi...@gmail.com>
> wrote:
>
> > Hi All,
> > I have a question here, Does Kafka support ACL's with out kerberos/SSL?
> >
> > Any info on this would be greatly helpful.
> >
> >
> > Thanks
> >
>
>
>
> --
>
> Regards,
> Ashish
>
Re: Reg: ACLS
Posted by Ashish Singh <as...@cloudera.com>.
Hey,
No it does not. Without kerberos or ssl, all requests will appear to come
from anonymous user, and as long as a user is not identified it is not
possible to do authorization on.
On Fri, Dec 9, 2016 at 10:40 AM, BigData dev <bi...@gmail.com>
wrote:
> Hi All,
> I have a question here, Does Kafka support ACL's with out kerberos/SSL?
>
> Any info on this would be greatly helpful.
>
>
> Thanks
>
--
Regards,
Ashish