I tried all possible ways (including the way you suggested, Michael), but I
still get the same error.

Is there a step-by-step guide to get ACLs working in Kafka with SSL?

Thanks.

On Fri, May 19, 2017 at 11:40 AM, Michael Rauter <mrau...@anexia-it.com>
wrote:

> Hi,
>
> with SSL client authentication the user identifier is the dname of the
> certificate
>
> in your case “CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US”
>
> for example when you want to set an ACL rule (read and write for topic
> TOPICNAME from every host):
>
> $ kafka-acls --authorizer-properties zookeeper.connect=zookeeper:2181
> --add --allow-principal User:CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US
> --allow-host "*" --operation Read --operation Write --topic TOPICNAME
>
>
> On 19.05.17, 20:02, "Raghav" <raghavas...@gmail.com> wrote:
>
>     If it helps, this is how I generated the keystore for my client
>
>     $ keytool -alias kafka-dev2 -validity 365 -keystore kafka-dev2.keystore.jks
>     -dname "CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US" -genkey
>     -ext SAN=DNS:kafka-dev2.example.com -storepass 123456
>
>     Anything wrong here?
>
>     On Fri, May 19, 2017 at 10:32 AM, Raghav <raghavas...@gmail.com> wrote:
>
>     > Hi
>     >
>     > I have an SSL setup with Kafka Broker, Producer and Consumer, and it
>     > works fine. I tried to set up ACLs as given on the website. When I
>     > start my producer, I am getting this error:
>     >
>     >
>     > [root@kafka-dev2 KAFKA]# bin/kafka-console-producer --broker-list
>     > kafka-dev1.example.com:9093 --topic test --producer.config
>     > ./etc/kafka/producer.properties
>     >
>     > HelloWorld
>     >
>     > [2017-05-19 10:24:42,437] WARN Error while fetching metadata with
>     > correlation id 1 : {test=UNKNOWN_TOPIC_OR_PARTITION}
>     > (org.apache.kafka.clients.NetworkClient)
>     > [root@kafka-dev2 KAFKA]#
>     >
>     >
>     > server config has the following entries
>     > ------------------------------------
>     > authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
>     > super.users=User:Bob
>     > ------------------------------------
>     >
>     > When certificate was being generated for Producer (Bob was used in
>     > the CNAME.)
>     >
>     >
>     > Am I missing something here ? Please help
>     >
>     > Thanks.
>     >
>     > Raghav
>     >
>
>
>
>     --
>     Raghav
>
>
>


-- 
Raghav
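
The principal matching discussed in this thread, as an added example (not code from the thread or from Kafka): it compares the `super.users` entry from the quoted server config with the principal derived from the keystore's `-dname`, and builds the `kafka-acls` call with the flags Michael used. It assumes the broker uses the full DN without spaces after the commas as the principal name and that `super.users` entries are separated by `;`; the function names are hypothetical.

```python
import re
import shlex

# Values taken from the thread.
SERVER_PROPERTIES = """\
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:Bob
"""
DNAME = "CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US"


def ssl_principal(dname):
    """Principal for a certificate subject (assumption: full DN, no spaces).

    keytool -list prints the DN as 'CN=Bob, O=FB, ...', so spaces around the
    unescaped commas are stripped before comparing. Escaped commas are kept.
    """
    rdns = [part.strip() for part in re.split(r"(?<!\\),", dname)]
    return "User:" + ",".join(rdns)


def super_users(server_properties):
    """Entries of super.users, split on ';' because a DN itself contains commas."""
    for line in server_properties.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "super.users":
            return [u.strip() for u in value.split(";") if u.strip()]
    return []


def is_super_user(server_properties, dname):
    """True only on an exact string match; 'User:Bob' does not match a full DN."""
    return ssl_principal(dname) in super_users(server_properties)


def acl_command(dname, topic, zookeeper="zookeeper:2181"):
    """kafka-acls call from the thread, shell-quoted so '*' is not expanded."""
    parts = ["kafka-acls", "--authorizer-properties",
             "zookeeper.connect=" + zookeeper, "--add",
             "--allow-principal", ssl_principal(dname), "--allow-host", "*",
             "--operation", "Read", "--operation", "Write", "--topic", topic]
    return " ".join(shlex.quote(p) for p in parts)


if __name__ == "__main__":
    print("super.users:", super_users(SERVER_PROPERTIES))
    print("client principal:", ssl_principal(DNAME))
    print("matches super.users:", is_super_user(SERVER_PROPERTIES, DNAME))
    print(acl_command(DNAME, "test"))
```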
