>Hi Christopher, >On Mon, Mar 21, 2016 at 3:53 PM, christopher palm <cpa...@gmail.com> wrote:
>> Does Kafka support SSL authentication and ACL authorization without >> Kerberos? >> >Yes. The following branch modifies the blog example slightly to only allow >SSL authentication. >https://github.com/confluentinc/securing-kafka-blog/tree/ssl-only >If so, can different clients have their own SSL certificate on the same >> broker? >> >Yes. I tried the “ssl-only” branch but am getting the following error: [vagrant@kafka ~]$ kafka-console-producer --broker-list kafka.example.com:9093 --topic securing-kafka --producer.config /etc/kafka/producer_ssl.properties test [2016-03-21 22:08:46,744] WARN Error while fetching metadata with correlation id 0 : {securing-kafka=TOPIC_AUTHORIZATION_FAILED} (org.apache.kafka.clients.NetworkClient) [2016-03-21 22:08:46,748] ERROR Error when sending message to topic securing-kafka with key: null, value: 4 bytes with error: Not authorized to access topics: [securing-kafka] (org.apache.kafka.clients.producer.internals.ErrorLoggingCallback) I did not set topic level ACL, since I do not know the Principal name to use for --allow-principal parameter of kafka-acls Any suggestions ? >In reading the following security article, it seems that Kerberos is an >> option but not required if SSL is used. >> >That's right. >Ismael