Posted to jira@kafka.apache.org by "Kuttaiah (Jira)" <ji...@apache.org> on 2020/01/31 03:31:00 UTC

[jira] [Created] (KAFKA-9486) Kafka Security

Kuttaiah created KAFKA-9486:
-------------------------------

             Summary: Kafka Security
                 Key: KAFKA-9486
                 URL: https://issues.apache.org/jira/browse/KAFKA-9486
             Project: Kafka
          Issue Type: Bug
          Components: security
            Reporter: Kuttaiah


My use case is to set up different protocols for inter-broker communication and producer/consumer to broker communication.

Hence I have the below configuration:

{quote}
"zookeeper.sasl.enabled": false
# Disable hostname verification, default is https.
"ssl.endpoint.identification.algorithm":
"inter.broker.listener.name": PLAINTEXT
"listener.name.external.sasl.enabled.mechanisms": OAUTHBEARER
"listener.name.external.oauthbearer.sasl.login.callback.handler.class": oracle.insight.common.kafka.security.OAuthBearerSignedLoginCallbackHandler
"listener.name.external.oauthbearer.sasl.server.callback.handler.class": oracle.insight.common.kafka.security.OAuthBearerSignedValidatorCallbackHandler
"listener.security.protocol.map": PLAINTEXT:PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
"listener.name.external.oauthbearer.sasl.jaas.config": org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required signedLoginStringClaim_ocid=insightAdmin signedLoginKeyServiceClass=oracle.insight.common.security.SMSKeyService signedValidatorKeyServiceClass=oracle.insight.common.security.SMSKeyService;
"advertised.listeners": EXTERNAL://kafka-$((${KAFKA_BROKER_ID})).mydomain:$((${KAFKA_OUTSIDE_PORT} + ${KAFKA_BROKER_ID}))
{quote}
With this I always get:

{quote}
[2020-01-30 17:23:55,228] INFO [SocketServer brokerId=0] Failed authentication with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2020-01-30 17:23:55,633] INFO [SocketServer brokerId=0] Failed authentication with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2020-01-30 17:23:55,989] INFO [SocketServer brokerId=0] Failed authentication with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
{quote}

From the logs it looks like inter-broker communication is happening via SASL even though I set it to PLAIN_TEXT
{quote}
"inter.broker.listener.name": PLAINTEXT
{quote}
Please guide me on what exactly is missing. This is critical for our release which is happening shortly.

Thanks

Robin Kuttaiah



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
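
A triage sketch for the broker log lines quoted in the report, added here as an example and not part of the original report or of Kafka itself: it groups `Failed authentication` entries by broker, peer address and the request type the broker received during the SASL handshake. The three log lines are copied from the report; the last sample line, the function names and the field names are assumptions made for illustration.

```python
import re
from collections import Counter

# First three lines are copied from the report; the last one is a constructed
# non-matching line to show that unrelated entries are skipped.
SAMPLE_LOG = """\
[2020-01-30 17:23:55,228] INFO [SocketServer brokerId=0] Failed authentication with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2020-01-30 17:23:55,633] INFO [SocketServer brokerId=0] Failed authentication with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2020-01-30 17:23:55,989] INFO [SocketServer brokerId=0] Failed authentication with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2020-01-30 17:23:56,000] INFO constructed unrelated line
"""

# Shape of the failed-authentication entries shown in the report.
FAILED_AUTH = re.compile(
    r"^\[[^\]]+\]\s+\w+\s+\[SocketServer brokerId=(?P<broker>\d+)\]\s+"
    r"Failed authentication with (?P<peer>\S+)\s+"
    r"\((?P<reason>.*)\)\s+\((?P<logger>[\w.$]+)\)$"
)
REQUEST_TYPE = re.compile(
    r"Unexpected Kafka request of type (\w+) during SASL handshake"
)


def parse_failed_auth(lines):
    """Yield (broker_id, peer_ip, request_type_or_None) per failed-auth line."""
    for line in lines:
        m = FAILED_AUTH.match(line.strip())
        if not m:
            continue  # not a failed-authentication entry
        req = REQUEST_TYPE.search(m["reason"])
        # The peer is logged as "host/ip"; the host part is empty in the report.
        peer_ip = m["peer"].rpartition("/")[2]
        yield int(m["broker"]), peer_ip, req.group(1) if req else None


def summarize(lines):
    """Count failures per (broker, peer, request type), most frequent first."""
    counts = Counter(parse_failed_auth(lines))
    return [
        {"broker": b, "peer": ip, "request": req, "count": n,
         "pre_handshake_request": req is not None}
        for (b, ip, req), n in counts.most_common()
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG.splitlines()):
        print(row)
```

Running the same summary over the full broker log shows whether the failures all come from one peer address or from several.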