Why would you want to use the benefit of ACLs without mutual SSL? I think that as soon as you decided you need ACLs, you also should add encryption. It's relatively easy to configure.
On Thu, Jan 26, 2017, 05:35 Manikumar <manikumar.re...@gmail.com> wrote: > Yes, we can use Kafka ACL's with SASL/PLAIN mechanism. > > On Thu, Jan 26, 2017 at 2:38 AM, BigData dev <bigdatadev...@gmail.com> > wrote: > > > Hi, > > I have a question, can we use Kafka ACL's with only SASL/PLAIN mechanism. > > Because after I enabled, still I am able to produce/consume from topics. > > > > And one more observation is in kafka-_jaas.conf, there is no client > > section, will get an WARN as below, as we dont have this kind of > mechanisim > > with zookeeper. Just want to confirm is this expected? > > > > *WARN SASL configuration failed: > javax.security.auth.login.LoginException: > > No JAAS configuration section named 'Client' was found in specified JAAS > > configuration file: '/usr/iop/current/kafka-broker/conf/kafka_jaas.conf'. > > Will continue connection to Zookeeper server without SASL authentication, > > if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)* > > > > KafkaClient { > > > > org.apache.kafka.common.security.plain.PlainLoginModule required > > > > username="alice" > > > > password="alice-secret"; > > > > }; > > > > > > KafkaServer { > > > > org.apache.kafka.common.security.plain.PlainLoginModule required > > > > username="admin" > > > > password="admin-secret" > > > > user_admin="admin-secret" > > > > user_alice="alice-secret"; > > > > }; > > > > > > I see recommended is SASL/PLAIN with SSL, just can we use only SASL/PLAIN > > mechanisim with ACLS? > > > > Thanks > > >