This section describes the configuration of Kafka SASL_PLAIN authentication.
Procedure
- Add/Update the below files in /KAKA_HOME/config directory.
- server.properties
security.inter.broker.protocol=SASL_PLAINTEXT sasl.mechanism.inter.broker.protocol=PLAIN sasl.enabled.mechanisms=PLAIN authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer allow.everyone.if.no.acl.found=true auto.create.topics.enable=true listeners=SASL_PLAINTEXT://<IP Address>:9092 advertised.listeners=SASL_PLAINTEXT://<IP Address>:9092
- zookeeper.properties
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider requireClientAuthScheme=sasl jaasLoginRenew=3600000
- consumer.properties
security.protocol=SASL_PLAINTEXT sasl.mechanism=PLAIN
- zookeeper_jaas.conf
Server { org.apache.zookeeper.server.auth.DigestLoginModule required user_super="zookeeper" user_admin="admin-secret"; };
- kafka_server_jaas.conf
KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret"; }; Client { org.apache.zookeeper.server.auth.DigestLoginModule required username="admin" password="admin-secret"; };
- server.properties
- Add the zookeeper_jaas.conf file to the environment variable KAFKA_OPTS before starting zookeeper.
$ export KAFKA_OPTS="- Djava.security.auth.login.config=/KAFKA_HOME/config/zookeeper_jaas.conf" $ bin/zookeeper-server-start.sh -daemon config/zookeeper.properties
- Add the kafka_server_jaas.conf file to the environment variable KAFKA_OPTS before starting kafka server.
$ export KAFKA_OPTS="- Djava.security.auth.login.config=/KAFKA_HOME/config/kafka_server_jaas.conf" $ bin/kafka-server-start.sh -daemon config/server.properties
- Configuring the producer.
producer.properties
security.protocol=SASL_PLAINTEXT sasl.mechanism=PLAIN bootstrap.servers=localhost:9092 compression.type=none
- kafka_client_jaas.conf.
Note: Console operations [for testing purpose only].
KafkaClient { org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret"; }; Client { org.apache.zookeeper.server.auth.DigestLoginModule required username="admin" password="admin-secret"; }; $ export KAFKA_OPTS="- Djava.security.auth.login.config=/KAFKA_HOME/config/kafka_client_jaas.conf" $ ./bin/kafka-console-consumer.sh -- topic test-topic --from-beginning -- consumer.config=config/consumer.properties --bootstrap-server=localhost:9092 $ export KAFKA_OPTS="- Djava.security.auth.login.config=/KAFKA_HOME/config/kafka_client_jaas.conf" $ ./bin/kafka-console-producer.sh --broker-list localhost:9092 --topic test-topic --producer.config=config/producer.properties