Implementing authentication using SASL/Kerberos
Currently, the supported SASL mechanisms are GSSAPI (Generic Security Services API, used for Kerberos) and PLAIN.
How to do it...
To configure SASL authentication on the brokers, perform the following:
- Select one or more mechanisms to enable in the broker: GSSAPI or PLAIN
- Add the JAAS config file location as a JVM parameter to each Kafka broker:
-Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf
- Configure an SASL port in server.properties by adding at least one of SASL_PLAINTEXT or SASL_SSL to the listeners and, optionally, advertised.listeners properties, each of which should contain one or more comma-separated values:
listeners=SASL_PLAINTEXT://host.name:port
advertised.listeners=SASL_PLAINTEXT://host.name:port
security.inter.broker.protocol=SASL_PLAINTEXT (or SASL_SSL)
- Enable one or more SASL mechanisms in server.properties and, if the brokers use SASL to talk to each other, configure the SASL mechanism for inter-broker communication:
sasl.enabled...
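A quick way to review the listener settings from the steps above before restarting a broker, as an added example that is not part of the original recipe. It assumes listener names are the protocol names themselves (no listener.security.protocol.map); the function names, host names and ports are constructed for illustration.

```python
SASL_PROTOCOLS = {"SASL_PLAINTEXT", "SASL_SSL"}

def parse_properties(text):
    """Parse Java-properties style 'key=value' lines, skipping comments and blanks."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def listener_protocols(value):
    """Return the protocol part of each comma-separated PROTOCOL://host:port entry."""
    return [e.split("://", 1)[0].strip().upper() for e in value.split(",") if e.strip()]

def check_sasl_listeners(text):
    """Return a list of findings; an empty list means every check passed."""
    props = parse_properties(text)
    findings = []
    protos = listener_protocols(props.get("listeners", ""))
    if not SASL_PROTOCOLS & set(protos):
        findings.append("listeners has no SASL_PLAINTEXT or SASL_SSL entry")
    if "PLAINTEXT" in protos:
        findings.append("PLAINTEXT listener still accepts unauthenticated clients")
    if "SASL_PLAINTEXT" in protos:
        findings.append("SASL_PLAINTEXT is not encrypted; PLAIN credentials cross the wire in clear")
    # Kafka defaults security.inter.broker.protocol to PLAINTEXT when it is unset.
    inter = props.get("security.inter.broker.protocol", "PLAINTEXT").upper()
    if inter not in protos:
        findings.append(f"security.inter.broker.protocol={inter} has no matching listener")
    elif inter not in SASL_PROTOCOLS:
        findings.append(f"inter-broker traffic uses {inter}, so brokers do not authenticate with SASL")
    return findings

# Constructed sample inputs (host names and ports are placeholders).
WEAK = """
listeners=PLAINTEXT://broker1.example.com:9092,SASL_PLAINTEXT://broker1.example.com:9093
security.inter.broker.protocol=PLAINTEXT
"""
HARDENED = """
listeners=SASL_SSL://broker1.example.com:9094
security.inter.broker.protocol=SASL_SSL
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_sasl_listeners(cfg) or "OK")
```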