Disable anonymous access to zookeeper

[Jamie Wang <ja...@opentext.com>]

Hi,

I am using Kafka 0.10.0 version. In this version, zookeeper is required. Recently we found by default zookeeper allows anonymous connect to its port and for some this seems to be a security concern. So I'd like to disable zookeeper's ability to support anonymous connect. I am wondering if I disabled this, would it impact any Kafka operations. I am only using a single node Kafka (no cluster).   Would appreciate any information or pointers on how to proceed with this or any particular documentation I should read.  Thanks I advance for your help.

Jamie

Re: Disable anonymous access to zookeeper

[Jakub Scholz <ja...@scholz.cz>]

Hi Jamie,

You should be able to use something like this:

Client {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    storeKey=true
    keyTab="/etc/security/keytabs/kafka_server.keytab"
    principal="kafka/kafka1.hostname.com@EXAMPLE.COM";
};

or this:

Client {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="kafka"
    password="123456";
};

in the Kafka JAAS config file. This defines the SASL client for connecting
to Zookeeper. You can have a look here for some more details:
http://kafka.apache.org/0100/documentation.html#security_sasl_brokernotes

Jakub

On Wed, Nov 15, 2017 at 6:23 PM, Jamie Wang <ja...@opentext.com> wrote:

> Hi,
>
> I am using Kafka 0.10.0 version. In this version, zookeeper is required.
> Recently we found by default zookeeper allows anonymous connect to its port
> and for some this seems to be a security concern. So I'd like to disable
> zookeeper's ability to support anonymous connect. I am wondering if I
> disabled this, would it impact any Kafka operations. I am only using a
> single node Kafka (no cluster).   Would appreciate any information or
> pointers on how to proceed with this or any particular documentation I
> should read.  Thanks I advance for your help.
>
> Jamie
>