You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Domenic Bove (Jira)" <ji...@apache.org> on 2022/11/08 17:35:00 UTC

[jira] [Updated] (KAFKA-14369) Docs - KRAFT controller authentication example

     [ https://issues.apache.org/jira/browse/KAFKA-14369?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Domenic Bove updated KAFKA-14369:
---------------------------------
    Description: 
The [Kafka Listener docs |https://kafka.apache.org/documentation/#listener_configuration]mention how to handle kafka protocols (other than PLAINTEXT) on the KRAFT controller listener, but it is not a working example and I found that I was missing this property: 
{code:java}
sasl.mechanism.controller.protocol {code}
when attempting to do SASL_PLAINTEXT on the controller listener. I see that property here: [https://kafka.apache.org/documentation/#brokerconfigs_sasl.mechanism.controller.protocol]

But nowhere else. 

I wonder if a complete working example would be better. Here are my working configs for sasl plain on the controller
{code:java}
process.roles=controller
listeners=CONTROLLER://:9093 
node.id=1
controller.quorum.voters=1@localhost:9093
controller.listener.names=CONTROLLER
listener.security.protocol.map=CONTROLLER:SASL_PLAINTEXT
listener.name.controller.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret" user_alice="alice-secret";
listener.name.controller.sasl.enabled.mechanisms=PLAIN
listener.name.controller.sasl.mechanism=PLAIN
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.controller.protocol=PLAIN{code}
Or maybe just a callout of that property in the existing docs

  was:
The [Kafka Listener docs |https://kafka.apache.org/documentation/#listener_configuration]mention how to handle kafka protocols (other than PLAINTEXT) on the KRAFT controller listener, but it is not a working example and I found that I was missing this property: `sasl.mechanism.controller.protocol` when attempting to do SASL_PLAINTEXT on the controller listener. I see that property here: [https://kafka.apache.org/documentation/#brokerconfigs_sasl.mechanism.controller.protocol]

But nowhere else. 

I wonder if a complete working example would be better. Here are my working configs for sasl plain on the controller

 
{code:java}
process.roles=controller
listeners=CONTROLLER://:9093 
node.id=1
controller.quorum.voters=1@localhost:9093
controller.listener.names=CONTROLLER
listener.security.protocol.map=CONTROLLER:SASL_PLAINTEXT
listener.name.controller.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret" user_alice="alice-secret";
listener.name.controller.sasl.enabled.mechanisms=PLAIN
listener.name.controller.sasl.mechanism=PLAIN
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.controller.protocol=PLAIN{code}
 

Or maybe just a callout of that property in the existing docs


> Docs - KRAFT controller authentication example
> ----------------------------------------------
>
>                 Key: KAFKA-14369
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14369
>             Project: Kafka
>          Issue Type: Bug
>          Components: docs
>    Affects Versions: 3.3.1
>            Reporter: Domenic Bove
>            Priority: Minor
>
> The [Kafka Listener docs |https://kafka.apache.org/documentation/#listener_configuration]mention how to handle kafka protocols (other than PLAINTEXT) on the KRAFT controller listener, but it is not a working example and I found that I was missing this property: 
> {code:java}
> sasl.mechanism.controller.protocol {code}
> when attempting to do SASL_PLAINTEXT on the controller listener. I see that property here: [https://kafka.apache.org/documentation/#brokerconfigs_sasl.mechanism.controller.protocol]
> But nowhere else. 
> I wonder if a complete working example would be better. Here are my working configs for sasl plain on the controller
> {code:java}
> process.roles=controller
> listeners=CONTROLLER://:9093 
> node.id=1
> controller.quorum.voters=1@localhost:9093
> controller.listener.names=CONTROLLER
> listener.security.protocol.map=CONTROLLER:SASL_PLAINTEXT
> listener.name.controller.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret" user_alice="alice-secret";
> listener.name.controller.sasl.enabled.mechanisms=PLAIN
> listener.name.controller.sasl.mechanism=PLAIN
> sasl.enabled.mechanisms=PLAIN
> sasl.mechanism.controller.protocol=PLAIN{code}
> Or maybe just a callout of that property in the existing docs



--
This message was sent by Atlassian Jira
(v8.20.10#820010)