RE: Kafka User Authentication Exception

[miltan]

Hi Team,

 

Greetings,

 

We actually reached out to you for Oracle/ IT / SAP / Infor / Microsoft "VOTEC 
IT SERVICE PARTNERSHIP"  "IT SERVICE OUTSOURCING" " "PARTNER SERVICE 
SUBCONTRACTING"

 

We have very attractive newly introduce reasonably price PARTNER IT SERVICE ODC 
SUBCONTRACTING MODEL in USA, Philippines, India and Singapore etc with White 
Label Model.

 

Our LOW COST IT SERVICE ODC MODEL eliminate the cost of expensive employee 
payroll, Help partner to get profit more than 50% on each project.. ..We really 
mean it.

 

We are already working with platinum partner like NTT DATA, NEC Singapore, 
Deloitte, Hitachi consulting. ACCENTURE, Abeam Singapore etc.

 

Are u keen to understand VOTEC IT PARTNERSHIP offerings? Looping KB 
kail...@votecgroup.com | Partnership In charge |

 

Let us know your availability this week OR Next week??

 

From: mil...@votecgroup.com [mailto:mil...@votecgroup.com] 
Sent: 01 August 2023 11:36
To: users@kafka.apache.org
Subject: RE: Kafka User Authentication Exception

 

Hi Team,

 

Greetings,

 

We actually reached out to you for Oracle/ IT / SAP / Infor / Microsoft "VOTEC 
IT SERVICE PARTNERSHIP"  "IT SERVICE OUTSOURCING" " "PARTNER SERVICE 
SUBCONTRACTING"

 

We have very attractive newly introduce reasonably price PARTNER IT SERVICE ODC 
SUBCONTRACTING MODEL in USA, Philippines, India and Singapore etc with White 
Label Model.

 

Our LOW COST IT SERVICE ODC MODEL eliminate the cost of expensive employee 
payroll, Help partner to get profit more than 50% on each project.. ..We really 
mean it.

 

We are already working with platinum partner like NTT DATA, NEC Singapore, 
Deloitte, Hitachi consulting. ACCENTURE, Abeam Singapore etc.

 

Are u keen to understand VOTEC IT PARTNERSHIP offerings? Looping KB 
kail...@votecgroup.com <mailto:kail...@votecgroup.com>  | Partnership In charge 
|

 

Let us know your availability this week OR Next week??

 

From: xiansheng lao [mailto:xiansheng@icloud.com.INVALID] 
Sent: 01 August 2023 08:21
To: users@kafka.apache.org <mailto:users@kafka.apache.org> 
Subject: Kafka User Authentication Exception

 

Dear Kafka Community Team, 

 

I am a developer who is facing an issue while attempting to use SASL 
authentication with Kafka. I have tried various methods to troubleshoot the 
problem, but have not yet found a solution. Therefore, I am reaching out to 
seek your help and guidance.

 

Issue Description:

I am trying to connect to Kafka from my client application using the SASL 
authentication mechanism. In my client code, I have implemented the 
`SaslClientCallbackHandler` class to handle callbacks and provided the correct 
credentials (username and password). However, during the connection process, I 
encounter the "javax.security.sasl.SaslException: User name could not be 
obtained" error.

 

I have attempted the following steps to troubleshoot the issue:

1. Ensured that the client and Kafka Broker are using the same version of Kafka 
to avoid version compatibility issues.

2. Checked the SASL configuration to ensure that both the client and Kafka 
Broker are configured correctly with the same SASL mechanism and authentication 
parameters.

3. Examined the exception stack trace and logs, but couldn't find additional 
information regarding the root cause of the error.

4. Verified that the credentials are in the correct format and can be parsed 
correctly by the client.

5. Ensured that the network connection is stable and that the client can 
establish a connection with the Kafka Broker.

 

However, despite trying these approaches, the problem persists, and I am 
puzzled by the specific reasons behind the "User name could not be obtained" 
error.

 

In this situation, I am seeking your advice on whether there might be other 
reasons causing this error and how I can further investigate and resolve this 
issue. Any suggestions, hints, or relevant documentation would be greatly 
appreciated.

 

I am sincerely grateful for your contributions and support to the Kafka 
community and look forward to your assistance in resolving this authentication 
issue, so I can continue with my project development using Kafka.

 

Thank you for your time and patience!

 

We are using Kafka version 1.1.1 with SCRAM-PLAIN authentication mechanism, and 
we have encountered an authentication exception. Below are the detailed error 
logs. Thank you for your assistance.

 

Best regards,

[elderly gentleman]

 

2027-10-01 13:52:09,879 kafka-producer-network-thread TEST] ERROR [] 

Producer clientId-TEST] Connection to node -1 failed authentication due to: An 
error:

(java.security.PrivilegedActionException:javax.security.sasl.SaslException: 
User name could not be obtained Caused by 
javax.security.auth.callback.UnsupportedcallbackException:Unrecognized SASL 
ClientCallback)

occurred when evaluating SASL token received from the Kafka Broker.Kafka Client 
will go to AUTHENTICATION FAILED state.

 

 

RE: Kafka User Authentication Exception

[miltan]

Hi Team,

 

Greetings,

 

We actually reached out to you for Oracle/ IT / SAP / Infor / Microsoft "VOTEC 
IT SERVICE PARTNERSHIP"  "IT SERVICE OUTSOURCING" " "PARTNER SERVICE 
SUBCONTRACTING"

 

We have very attractive newly introduce reasonably price PARTNER IT SERVICE ODC 
SUBCONTRACTING MODEL in USA, Philippines, India and Singapore etc with White 
Label Model.

 

Our LOW COST IT SERVICE ODC MODEL eliminate the cost of expensive employee 
payroll, Help partner to get profit more than 50% on each project.. ..We really 
mean it.

 

We are already working with platinum partner like NTT DATA, NEC Singapore, 
Deloitte, Hitachi consulting. ACCENTURE, Abeam Singapore etc.

 

Are u keen to understand VOTEC IT PARTNERSHIP offerings? Looping KB 
kail...@votecgroup.com | Partnership In charge |

 

Let us know your availability this week OR Next week??

 

From: xiansheng lao [mailto:xiansheng@icloud.com.INVALID] 
Sent: 01 August 2023 08:21
To: users@kafka.apache.org
Subject: Kafka User Authentication Exception

 

Dear Kafka Community Team, 

 

I am a developer who is facing an issue while attempting to use SASL 
authentication with Kafka. I have tried various methods to troubleshoot the 
problem, but have not yet found a solution. Therefore, I am reaching out to 
seek your help and guidance.

 

Issue Description:

I am trying to connect to Kafka from my client application using the SASL 
authentication mechanism. In my client code, I have implemented the 
`SaslClientCallbackHandler` class to handle callbacks and provided the correct 
credentials (username and password). However, during the connection process, I 
encounter the "javax.security.sasl.SaslException: User name could not be 
obtained" error.

 

I have attempted the following steps to troubleshoot the issue:

1. Ensured that the client and Kafka Broker are using the same version of Kafka 
to avoid version compatibility issues.

2. Checked the SASL configuration to ensure that both the client and Kafka 
Broker are configured correctly with the same SASL mechanism and authentication 
parameters.

3. Examined the exception stack trace and logs, but couldn't find additional 
information regarding the root cause of the error.

4. Verified that the credentials are in the correct format and can be parsed 
correctly by the client.

5. Ensured that the network connection is stable and that the client can 
establish a connection with the Kafka Broker.

 

However, despite trying these approaches, the problem persists, and I am 
puzzled by the specific reasons behind the "User name could not be obtained" 
error.

 

In this situation, I am seeking your advice on whether there might be other 
reasons causing this error and how I can further investigate and resolve this 
issue. Any suggestions, hints, or relevant documentation would be greatly 
appreciated.

 

I am sincerely grateful for your contributions and support to the Kafka 
community and look forward to your assistance in resolving this authentication 
issue, so I can continue with my project development using Kafka.

 

Thank you for your time and patience!

 

We are using Kafka version 1.1.1 with SCRAM-PLAIN authentication mechanism, and 
we have encountered an authentication exception. Below are the detailed error 
logs. Thank you for your assistance.

 

Best regards,

[elderly gentleman]

 

2027-10-01 13:52:09,879 kafka-producer-network-thread TEST] ERROR [] 

Producer clientId-TEST] Connection to node -1 failed authentication due to: An 
error:

(java.security.PrivilegedActionException:javax.security.sasl.SaslException: 
User name could not be obtained Caused by 
javax.security.auth.callback.UnsupportedcallbackException:Unrecognized SASL 
ClientCallback)

occurred when evaluating SASL token received from the Kafka Broker.Kafka Client 
will go to AUTHENTICATION FAILED state.

 

 

Re: Kafka SASL_PLAIN Authentication Configuration

[xiao cheng]

I would check to make sure
-Djava.security.auth.login.config
is available to your application.

On Mon, Apr 10, 2023 at 7:01 PM Karthik Murugan
 wrote:

> Hello Team,
>
> We are trying to implement SASL_Plain Authentication config changes on the
> Kafka Server, and followed the below mentioned document for reference
>
> https://codeforgeek.com/how-to-set-up-authentication-in-kafka-cluster/
>
> After performing the change, when attempted to restart the kafka on a
> server encountering the error *"**java.lang.IllegalArgumentException: Could
> not find a ‘KafkaServer’ or ‘sasl_plaintext.KafkaServer’ entry in the JAAS
> configuration. System property ‘java.security.auth.login.config’ is not
> set"*.
>
> So could you let us know the additional steps and help us in resolving
> this issue.
>
> Best Regards,
> Karthik
>

Re: Kafka SASL_PLAIN Authentication Configuration

[Karthik Murugan]

Hi Everyone ,

Can anyone provide some insights on the above mentioned kafka error while
restarting kafka on the server : "*"**java.lang.IllegalArgumentException:
Could not find a ‘KafkaServer’ or ‘sasl_plaintext.KafkaServer’ entry in the
JAAS configuration. System property ‘java.security.auth.login.config’ is
not set"*."

Best Regards,
Karthik

On Mon, Apr 10, 2023 at 10:30 PM Karthik Murugan 
wrote:

> Hello Team,
>
> We are trying to implement SASL_Plain Authentication config changes on the
> Kafka Server, and followed the below mentioned document for reference
>
> https://codeforgeek.com/how-to-set-up-authentication-in-kafka-cluster/
>
> After performing the change, when attempted to restart the kafka on a
> server encountering the error *"**java.lang.IllegalArgumentException:
> Could not find a ‘KafkaServer’ or ‘sasl_plaintext.KafkaServer’ entry in the
> JAAS configuration. System property ‘java.security.auth.login.config’ is
> not set"*.
>
> So could you let us know the additional steps and help us in resolving
> this issue.
>
> Best Regards,
> Karthik
>
>
>

Kafka SASL_PLAIN Authentication Configuration

[Karthik Murugan]

Hello Team,

We are trying to implement SASL_Plain Authentication config changes on the
Kafka Server, and followed the below mentioned document for reference

https://codeforgeek.com/how-to-set-up-authentication-in-kafka-cluster/

After performing the change, when attempted to restart the kafka on a
server encountering the error *"**java.lang.IllegalArgumentException: Could
not find a ‘KafkaServer’ or ‘sasl_plaintext.KafkaServer’ entry in the JAAS
configuration. System property ‘java.security.auth.login.config’ is not
set"*.

So could you let us know the additional steps and help us in resolving
this issue.

Best Regards,
Karthik

Re: Kafka mTLS authentication

[Luke Chen]

Hi Yingjie,
No worries! Glad to help!

Luke

On Tue, Nov 23, 2021 at 5:52 PM yingjie zou  wrote:

> Hi Luke,
>
> This solved my problem.
> I'm sorry to trouble you because I didn't read the document carefully.
> Thank you very much.
>
>
> Yingjie Zou
>
> On Tue, Nov 23, 2021 at 2:20 PM Luke Chen  wrote:
>
> > Hi Yingjie,
> > > However,  I meet a problem.  If I need to add, remove or renew the
> > certificate to Kafka’s truststore, Kafka requires a reboot which would
> > impact the service available for other teams.
> >
> > > So I want to know if there is a better way to support the change of
> > Kafka’s
> > certificate without impacting the service availability?
> >
> > Yes, Kafka supports dynamically updating broker's configuration. Please
> > check here: https://kafka.apache.org/documentation/#dynamicbrokerconfigs
> ,
> > there's a section talking about "Updating SSL Truststore of an Existing
> > Listener", which should be what you're looking for.
> >
> > Good luck.
> >
> > Thank you.
> > Luke
> >
> > On Tue, Nov 23, 2021 at 1:12 PM yingjie zou 
> wrote:
> >
> > > Hi,
> > >
> > > Currently, we are going to provide Kafka services to 20+ development
> > teams
> > > in my company, we’d like to provide that as multi-tenancy - the
> different
> > > team has different authentication. And we try to use the Kafka mTLS
> > > solution.
> > >
> > > However,  I meet a problem.  If I need to add, remove or renew the
> > > certificate to Kafka’s truststore, Kafka requires a reboot which would
> > > impact the service available for other teams.
> > >
> > > So I want to know if there is a better way to support the change of
> > Kafka’s
> > > certificate without impacting the service availability?
> > >
> > > Any help is appreciated.
> > >
> > > Thanks.
> > > Yingjie Zou
> > >
> >
>

Re: Kafka mTLS authentication

[yingjie zou]

Hi Luke,

This solved my problem.
I'm sorry to trouble you because I didn't read the document carefully.
Thank you very much.


Yingjie Zou

On Tue, Nov 23, 2021 at 2:20 PM Luke Chen  wrote:

> Hi Yingjie,
> > However,  I meet a problem.  If I need to add, remove or renew the
> certificate to Kafka’s truststore, Kafka requires a reboot which would
> impact the service available for other teams.
>
> > So I want to know if there is a better way to support the change of
> Kafka’s
> certificate without impacting the service availability?
>
> Yes, Kafka supports dynamically updating broker's configuration. Please
> check here: https://kafka.apache.org/documentation/#dynamicbrokerconfigs ,
> there's a section talking about "Updating SSL Truststore of an Existing
> Listener", which should be what you're looking for.
>
> Good luck.
>
> Thank you.
> Luke
>
> On Tue, Nov 23, 2021 at 1:12 PM yingjie zou  wrote:
>
> > Hi,
> >
> > Currently, we are going to provide Kafka services to 20+ development
> teams
> > in my company, we’d like to provide that as multi-tenancy - the different
> > team has different authentication. And we try to use the Kafka mTLS
> > solution.
> >
> > However,  I meet a problem.  If I need to add, remove or renew the
> > certificate to Kafka’s truststore, Kafka requires a reboot which would
> > impact the service available for other teams.
> >
> > So I want to know if there is a better way to support the change of
> Kafka’s
> > certificate without impacting the service availability?
> >
> > Any help is appreciated.
> >
> > Thanks.
> > Yingjie Zou
> >
>

Re: Kafka mTLS authentication

[Luke Chen]

Hi Yingjie,
> However,  I meet a problem.  If I need to add, remove or renew the
certificate to Kafka’s truststore, Kafka requires a reboot which would
impact the service available for other teams.

> So I want to know if there is a better way to support the change of
Kafka’s
certificate without impacting the service availability?

Yes, Kafka supports dynamically updating broker's configuration. Please
check here: https://kafka.apache.org/documentation/#dynamicbrokerconfigs ,
there's a section talking about "Updating SSL Truststore of an Existing
Listener", which should be what you're looking for.

Good luck.

Thank you.
Luke

On Tue, Nov 23, 2021 at 1:12 PM yingjie zou  wrote:

> Hi,
>
> Currently, we are going to provide Kafka services to 20+ development teams
> in my company, we’d like to provide that as multi-tenancy - the different
> team has different authentication. And we try to use the Kafka mTLS
> solution.
>
> However,  I meet a problem.  If I need to add, remove or renew the
> certificate to Kafka’s truststore, Kafka requires a reboot which would
> impact the service available for other teams.
>
> So I want to know if there is a better way to support the change of Kafka’s
> certificate without impacting the service availability?
>
> Any help is appreciated.
>
> Thanks.
> Yingjie Zou
>

Kafka mTLS authentication

[yingjie zou]

Hi,

Currently, we are going to provide Kafka services to 20+ development teams
in my company, we’d like to provide that as multi-tenancy - the different
team has different authentication. And we try to use the Kafka mTLS
solution.

However,  I meet a problem.  If I need to add, remove or renew the
certificate to Kafka’s truststore, Kafka requires a reboot which would
impact the service available for other teams.

So I want to know if there is a better way to support the change of Kafka’s
certificate without impacting the service availability?

Any help is appreciated.

Thanks.
Yingjie Zou

Re: Kafka Custom Authentication & Authorization

[Arunkumar]

Hi There
We are also trying to do the same and we are trying to over ride 
PlainLoginModule as well. When I add a jar it is not identifying and loading 
the jar. If there is any examples which we can follow will be usefull. Any help 
is highly appreciated.
Thanks in advanceArunkumar Pichaimuthu, PMP 

On Tuesday, November 14, 2017, 5:31:58 AM CST, 陈江枫  
wrote:  
 
 You can implement your own authenticator, check SaslAuthenticator  , and
your own authorizer, check SimpleAuthorizer

2017-11-12 9:39 GMT+08:00 chidigam . :

> Hi All,
> To Authenticate & Authorize the producer and consumers, I want to
> integrate  with third party Entitlement manager. Is there reference
> implementation ?
>
> Any link for doc or comments I appreciate.
>
> Regards
> Bhanu
>
  

Re: Kafka Custom Authentication & Authorization

[陈江枫]

You can implement your own authenticator, check SaslAuthenticator  , and
your own authorizer, check SimpleAuthorizer

2017-11-12 9:39 GMT+08:00 chidigam . :

> Hi All,
> To Authenticate & Authorize the producer and consumers, I want to
> integrate  with third party Entitlement manager. Is there reference
> implementation ?
>
> Any link for doc or comments I appreciate.
>
> Regards
> Bhanu
>

Kafka Custom Authentication & Authorization

[chidigam .]

Hi All,
To Authenticate & Authorize the producer and consumers, I want to
integrate  with third party Entitlement manager. Is there reference
implementation ?

Any link for doc or comments I appreciate.

Regards
Bhanu

Kafka TLS Authentication for brokers and clients (w/o Zookeeper Auth)

[M. Manna]

Hello,

>From Kafka Documentation - I understand that Authentication and encryption
can be enabled for inter-broker, broker-client exchanges. By exchanges, i
mean data transfer-related activities.

My questions are:

1) Is it common to have ONLY inter-broker and broker-client exchanges, but
only plain transfer between zookeeper? in other words, is it common to only
put authentication for brokers and clients, but not zookeepers.

2) If I also want to use authentication for zookeeper-zookeeper exchanges,
is there any known performance issues I should be concerned about?

I would be grateful if someone could provide a dummy example of having both
implemented. I can see kafka online documentation which shows self-signing
certificates and keystore usage for inter-broker and broker-client
authentication, but I cannot see much mentioning of zookeeper to broker
exchanges (may be i missed it).

Kindest Regards,
M. Manna

Re: KAFKA-1477 (authentication layer) and 0.8.2

[Rajasekar Elango]

Yes we are very much interested in getting this code merged to trunk. I can
also do testing once it's available on trunk.

Thanks,
Raja.


On Fri, Jul 25, 2014 at 12:11 PM, Joe Stein joe.st...@stealth.ly wrote:

 Hi Chris, glad to hear that even more folks are going to (want to) use the
 feature.  I didn't author the patch (Raja and Ivan did) and created the
 fork so folks could test it without much fuss.

 I just commented on the ticket to address Jun's last comment and think it
 also answers your question too.

 I know folks are using this now and other folks are looking to use it out
 of the core project.

 As long as it has a way to cause no harm when it is off I believe it really
 adds to the value Kafka brings to a number of organizations that can't use
 Kafka just because of this one thing.

 I am looking forward to being able to commit it to trunk.

 /***
  Joe Stein
  Founder, Principal Consultant
  Big Data Open Source Security LLC
  http://www.stealth.ly
  Twitter: @allthingshadoop http://www.twitter.com/allthingshadoop
 /


 On Fri, Jul 25, 2014 at 11:34 AM, Chris Neal cwn...@gmail.com wrote:

  Hi guys,
 
  This JIRA (https://issues.apache.org/jira/browse/KAFKA-1477) leads me to
  believe that an authentication layer implementation is planned as part of
  the 0.8.2 release.  I was wondering if this is still the case?
 
  There was an earlier thread talking about security, but there hasn't been
  activity on it in awhile.
 
  I grabbed Joe's fork and it works, but I was wondering about it getting
  merged back into the official 0.8.2 codebase, or is this more likely
  something that will be in 0.9?
 
  Thanks!
 




-- 
Thanks,
Raja.

Re: Kafka and authentication

[Jonathan Hodges]

+1 for security branch

We are willing to assist with the merge.


On Wed, Apr 2, 2014 at 8:32 AM, Joe Stein joe.st...@stealth.ly wrote:

 Hi Raja, do you have an ICLA https://www.apache.org/licenses/icla.txt on
 file with Apache?

 One thought would be to branch a security branch at the commit you forked
 from.  Then treat the rest of your commits as a contrib patch (requires
 vote).

 Then we could work on merging it into upstream and knock out some of the
 security items.

 Thoughts?

 /***
  Joe Stein
  Founder, Principal Consultant
  Big Data Open Source Security LLC
  http://www.stealth.ly
  Twitter: @allthingshadoop http://www.twitter.com/allthingshadoop
 /


 On Mon, Mar 31, 2014 at 11:20 AM, Rajasekar Elango
 rela...@salesforce.comwrote:

  Hi Vijay,
 
  We implemented mutual ssl authentication in kafka for our internal use
 and
  we have plans to it contributed back to community.  But we implemented
 SSL
  over
  older snapshot of version of kafka 0.8 release. We have been busy with
  other projects and haven't got chance to merge our ssl changes to latest
  version
  of kafka. If you are interested in looking at the changes we made this,
 its
  available in my github fork of apache kafka (
  https://github.com/relango/kafka/tree/kafka_security)
 
  Thanks,
  Raja.
 
 
  On Fri, Mar 28, 2014 at 10:06 PM, Neha Narkhede neha.narkh...@gmail.com
  wrote:
 
   Hi Vijay,
  
   The document you pointed out has our initial thoughts on Kafka
 security.
   This work is still in design and discussion phase, no code has been
  written
   as such and we hope to pick it up in a couple months. However, if you
  have
   thoughts on how it should work and/or would like to contribute patches,
  we
   would be happy to collaborate with you.
  
   Thanks,
   Neha
  
  
   On Fri, Mar 28, 2014 at 4:05 PM, Vijay Ramachandran 
   vramachand...@apple.com
wrote:
  
Hi All,
   
I was googling around for info on securing kafka. The best document I
could find was
   https://cwiki.apache.org/confluence/display/KAFKA/Security,
which is kind of old. It is not clear if any steps were taken after
   this
doc was put together. Looking at the features / bug fixes in kafka
 also
does not paint a clear picture. Hence this set of questions :
   
Is there a way to make kafka authenticate a producer sending
 messages /
consumer reading messages ?
Is there a way to make kafka authenticate itself to the ZooKeeper
   ensemble
?
   
Any info will be deeply appreciated
   
Thanks
   
Vijay
  
 
 
 
  --
  Thanks,
  Raja.
 

Re: Kafka and authentication

[Joe Stein]

Hi Raja, do you have an ICLA https://www.apache.org/licenses/icla.txt on
file with Apache?

One thought would be to branch a security branch at the commit you forked
from.  Then treat the rest of your commits as a contrib patch (requires
vote).

Then we could work on merging it into upstream and knock out some of the
security items.

Thoughts?

/***
 Joe Stein
 Founder, Principal Consultant
 Big Data Open Source Security LLC
 http://www.stealth.ly
 Twitter: @allthingshadoop http://www.twitter.com/allthingshadoop
/


On Mon, Mar 31, 2014 at 11:20 AM, Rajasekar Elango
rela...@salesforce.comwrote:

 Hi Vijay,

 We implemented mutual ssl authentication in kafka for our internal use and
 we have plans to it contributed back to community.  But we implemented SSL
 over
 older snapshot of version of kafka 0.8 release. We have been busy with
 other projects and haven't got chance to merge our ssl changes to latest
 version
 of kafka. If you are interested in looking at the changes we made this, its
 available in my github fork of apache kafka (
 https://github.com/relango/kafka/tree/kafka_security)

 Thanks,
 Raja.


 On Fri, Mar 28, 2014 at 10:06 PM, Neha Narkhede neha.narkh...@gmail.com
 wrote:

  Hi Vijay,
 
  The document you pointed out has our initial thoughts on Kafka security.
  This work is still in design and discussion phase, no code has been
 written
  as such and we hope to pick it up in a couple months. However, if you
 have
  thoughts on how it should work and/or would like to contribute patches,
 we
  would be happy to collaborate with you.
 
  Thanks,
  Neha
 
 
  On Fri, Mar 28, 2014 at 4:05 PM, Vijay Ramachandran 
  vramachand...@apple.com
   wrote:
 
   Hi All,
  
   I was googling around for info on securing kafka. The best document I
   could find was
  https://cwiki.apache.org/confluence/display/KAFKA/Security,
   which is kind of old. It is not clear if any steps were taken after
  this
   doc was put together. Looking at the features / bug fixes in kafka also
   does not paint a clear picture. Hence this set of questions :
  
   Is there a way to make kafka authenticate a producer sending messages /
   consumer reading messages ?
   Is there a way to make kafka authenticate itself to the ZooKeeper
  ensemble
   ?
  
   Any info will be deeply appreciated
  
   Thanks
  
   Vijay
 



 --
 Thanks,
 Raja.

Re: Kafka and authentication

[Rajasekar Elango]

Hi Vijay,

We implemented mutual ssl authentication in kafka for our internal use and
we have plans to it contributed back to community.  But we implemented SSL over
older snapshot of version of kafka 0.8 release. We have been busy with
other projects and haven't got chance to merge our ssl changes to latest
version
of kafka. If you are interested in looking at the changes we made this, its
available in my github fork of apache kafka (
https://github.com/relango/kafka/tree/kafka_security)

Thanks,
Raja.


On Fri, Mar 28, 2014 at 10:06 PM, Neha Narkhede neha.narkh...@gmail.comwrote:

 Hi Vijay,

 The document you pointed out has our initial thoughts on Kafka security.
 This work is still in design and discussion phase, no code has been written
 as such and we hope to pick it up in a couple months. However, if you have
 thoughts on how it should work and/or would like to contribute patches, we
 would be happy to collaborate with you.

 Thanks,
 Neha


 On Fri, Mar 28, 2014 at 4:05 PM, Vijay Ramachandran 
 vramachand...@apple.com
  wrote:

  Hi All,
 
  I was googling around for info on securing kafka. The best document I
  could find was
 https://cwiki.apache.org/confluence/display/KAFKA/Security,
  which is kind of old. It is not clear if any steps were taken after
 this
  doc was put together. Looking at the features / bug fixes in kafka also
  does not paint a clear picture. Hence this set of questions :
 
  Is there a way to make kafka authenticate a producer sending messages /
  consumer reading messages ?
  Is there a way to make kafka authenticate itself to the ZooKeeper
 ensemble
  ?
 
  Any info will be deeply appreciated
 
  Thanks
 
  Vijay




-- 
Thanks,
Raja.

Kafka and authentication

[Vijay Ramachandran]

Hi All,

I was googling around for info on securing kafka. The best document I could 
find was https://cwiki.apache.org/confluence/display/KAFKA/Security, which is 
“kind of old”. It is not clear if any steps were taken after this doc was put 
together. Looking at the features / bug fixes in kafka also does not paint a 
clear picture. Hence this set of questions :

Is there a way to make kafka authenticate a producer sending messages / 
consumer reading messages ?
Is there a way to make kafka authenticate itself to the ZooKeeper ensemble ?

Any info will be deeply appreciated

Thanks

Vijay

Re: Kafka and authentication

[Neha Narkhede]

Hi Vijay,

The document you pointed out has our initial thoughts on Kafka security.
This work is still in design and discussion phase, no code has been written
as such and we hope to pick it up in a couple months. However, if you have
thoughts on how it should work and/or would like to contribute patches, we
would be happy to collaborate with you.

Thanks,
Neha


On Fri, Mar 28, 2014 at 4:05 PM, Vijay Ramachandran vramachand...@apple.com
 wrote:

 Hi All,

 I was googling around for info on securing kafka. The best document I
 could find was https://cwiki.apache.org/confluence/display/KAFKA/Security,
 which is kind of old. It is not clear if any steps were taken after this
 doc was put together. Looking at the features / bug fixes in kafka also
 does not paint a clear picture. Hence this set of questions :

 Is there a way to make kafka authenticate a producer sending messages /
 consumer reading messages ?
 Is there a way to make kafka authenticate itself to the ZooKeeper ensemble
 ?

 Any info will be deeply appreciated

 Thanks

 Vijay