You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@kafka.apache.org by christopher palm <cp...@gmail.com> on 2016/03/21 16:53:09 UTC

Security with SSL and not Kerberos?

Hi All,

Does Kafka support SSL authentication and ACL authorization without
Kerberos?

If so, can different clients have their own SSL certificate on the same
broker?

In reading the following security article, it seems that Kerberos is an
option but not required if SSL is used.

Thanks,
Chris

http://www.confluent.io/blog/apache-kafka-security-authorization-authentication-encryption

"Administrators can require client authentication using either Kerberos or
Transport Layer Security (TLS) client certificates, so that Kafka brokers
know who is making each request"

Re: Security with SSL and not Kerberos?

Posted by Ismael Juma <is...@juma.me.uk>.
Hi Christopher,

On Mon, Mar 21, 2016 at 3:53 PM, christopher palm <cp...@gmail.com> wrote:

> Does Kafka support SSL authentication and ACL authorization without
> Kerberos?
>

Yes. The following branch modifies the blog example slightly to only allow
SSL authentication.

https://github.com/confluentinc/securing-kafka-blog/tree/ssl-only

If so, can different clients have their own SSL certificate on the same
> broker?
>

Yes.

In reading the following security article, it seems that Kerberos is an
> option but not required if SSL is used.
>

That's right.

Ismael

Re: Security with SSL and not Kerberos?

Posted by Adam Kunicki <ad...@streamsets.com>.
You can use SSL certificate hostname verification for rudimentary authentication rather than Kerberos. The two can be used together or independently.






On Mon, Mar 21, 2016 at 8:53 AM -0700, "christopher palm" <cp...@gmail.com> wrote:










Hi All,

Does Kafka support SSL authentication and ACL authorization without
Kerberos?

If so, can different clients have their own SSL certificate on the same
broker?

In reading the following security article, it seems that Kerberos is an
option but not required if SSL is used.

Thanks,
Chris

http://www.confluent.io/blog/apache-kafka-security-authorization-authentication-encryption

"Administrators can require client authentication using either Kerberos or
Transport Layer Security (TLS) client certificates, so that Kafka brokers
know who is making each request"