Why would you want to use the benefit of ACLs without mutual SSL? I think
that as soon as you decided you need ACLs, you also should add encryption.
It's relatively easy to configure.
On Thu, Jan 26, 2017, 05:35 Manikumar <manikumar.re...@gmail.com> wrote:
> Yes, we can use Kafka ACL's with SASL/PLAIN mechanism.
>
> On Thu, Jan 26, 2017 at 2:38 AM, BigData dev <bigdatadev...@gmail.com>
> wrote:
>
> > Hi,
> > I have a question, can we use Kafka ACL's with only SASL/PLAIN mechanism.
> > Because after I enabled, still I am able to produce/consume from topics.
> >
> > And one more observation is in kafka-_jaas.conf, there is no client
> > section, will get an WARN as below, as we dont have this kind of
> mechanisim
> > with zookeeper. Just want to confirm is this expected?
> >
> > *WARN SASL configuration failed:
> javax.security.auth.login.LoginException:
> > No JAAS configuration section named 'Client' was found in specified JAAS
> > configuration file: '/usr/iop/current/kafka-broker/conf/kafka_jaas.conf'.
> > Will continue connection to Zookeeper server without SASL authentication,
> > if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)*
> >
> > KafkaClient {
> >
> > org.apache.kafka.common.security.plain.PlainLoginModule required
> >
> > username="alice"
> >
> > password="alice-secret";
> >
> > };
> >
> >
> > KafkaServer {
> >
> > org.apache.kafka.common.security.plain.PlainLoginModule required
> >
> > username="admin"
> >
> > password="admin-secret"
> >
> > user_admin="admin-secret"
> >
> > user_alice="alice-secret";
> >
> > };
> >
> >
> > I see recommended is SASL/PLAIN with SSL, just can we use only SASL/PLAIN
> > mechanisim with ACLS?
> >
> > Thanks
> >
>
