You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by BigData dev <bi...@gmail.com> on 2017/01/25 21:08:12 UTC

Reg: Kafka ACLS

Hi,
I have a question, can we use Kafka ACL's with only SASL/PLAIN mechanism.
Because after I enabled, still I am able to produce/consume from topics.

And one more observation is in kafka-_jaas.conf, there is no client
section, will get an WARN as below, as we dont have this kind of mechanisim
with zookeeper.  Just want to confirm is this expected?

*WARN SASL configuration failed: javax.security.auth.login.LoginException:
No JAAS configuration section named 'Client' was found in specified JAAS
configuration file: '/usr/iop/current/kafka-broker/conf/kafka_jaas.conf'.
Will continue connection to Zookeeper server without SASL authentication,
if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)*

KafkaClient {

org.apache.kafka.common.security.plain.PlainLoginModule required

username="alice"

password="alice-secret";

};


KafkaServer {

org.apache.kafka.common.security.plain.PlainLoginModule required

username="admin"

password="admin-secret"

user_admin="admin-secret"

user_alice="alice-secret";

};


I see recommended is SASL/PLAIN with SSL, just can we use only SASL/PLAIN
mechanisim with ACLS?

Thanks

Re: Reg: Kafka ACLS

Posted by Joris Meijer <jo...@dizzit.com>.

Why would you want to use the benefit of ACLs without mutual SSL? I think
that as soon as you decided you need ACLs, you also should add encryption.
It's relatively easy to configure.

On Thu, Jan 26, 2017, 05:35 Manikumar <ma...@gmail.com> wrote:

> Yes, we can use Kafka ACL's with SASL/PLAIN mechanism.
>
> On Thu, Jan 26, 2017 at 2:38 AM, BigData dev <bi...@gmail.com>
> wrote:
>
> > Hi,
> > I have a question, can we use Kafka ACL's with only SASL/PLAIN mechanism.
> > Because after I enabled, still I am able to produce/consume from topics.
> >
> > And one more observation is in kafka-_jaas.conf, there is no client
> > section, will get an WARN as below, as we dont have this kind of
> mechanisim
> > with zookeeper.  Just want to confirm is this expected?
> >
> > *WARN SASL configuration failed:
> javax.security.auth.login.LoginException:
> > No JAAS configuration section named 'Client' was found in specified JAAS
> > configuration file: '/usr/iop/current/kafka-broker/conf/kafka_jaas.conf'.
> > Will continue connection to Zookeeper server without SASL authentication,
> > if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)*
> >
> > KafkaClient {
> >
> > org.apache.kafka.common.security.plain.PlainLoginModule required
> >
> > username="alice"
> >
> > password="alice-secret";
> >
> > };
> >
> >
> > KafkaServer {
> >
> > org.apache.kafka.common.security.plain.PlainLoginModule required
> >
> > username="admin"
> >
> > password="admin-secret"
> >
> > user_admin="admin-secret"
> >
> > user_alice="alice-secret";
> >
> > };
> >
> >
> > I see recommended is SASL/PLAIN with SSL, just can we use only SASL/PLAIN
> > mechanisim with ACLS?
> >
> > Thanks
> >
>

Re: Reg: Kafka ACLS

Posted by Manikumar <ma...@gmail.com>.

Yes, we can use Kafka ACL's with SASL/PLAIN mechanism.

On Thu, Jan 26, 2017 at 2:38 AM, BigData dev <bi...@gmail.com>
wrote:

> Hi,
> I have a question, can we use Kafka ACL's with only SASL/PLAIN mechanism.
> Because after I enabled, still I am able to produce/consume from topics.
>
> And one more observation is in kafka-_jaas.conf, there is no client
> section, will get an WARN as below, as we dont have this kind of mechanisim
> with zookeeper.  Just want to confirm is this expected?
>
> *WARN SASL configuration failed: javax.security.auth.login.LoginException:
> No JAAS configuration section named 'Client' was found in specified JAAS
> configuration file: '/usr/iop/current/kafka-broker/conf/kafka_jaas.conf'.
> Will continue connection to Zookeeper server without SASL authentication,
> if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)*
>
> KafkaClient {
>
> org.apache.kafka.common.security.plain.PlainLoginModule required
>
> username="alice"
>
> password="alice-secret";
>
> };
>
>
> KafkaServer {
>
> org.apache.kafka.common.security.plain.PlainLoginModule required
>
> username="admin"
>
> password="admin-secret"
>
> user_admin="admin-secret"
>
> user_alice="alice-secret";
>
> };
>
>
> I see recommended is SASL/PLAIN with SSL, just can we use only SASL/PLAIN
> mechanisim with ACLS?
>
> Thanks
>