0

I have installed Docker on my Windows 10 and also installed Kafka. I have created a "test" Topic inside a Kafka cluster. Now I want to secure the Topic with a simple username and password. I am super new to Kafka, any help would really be appreciated.

To run Kafka commands, I am using windows "Power Shell".

I have tried running a few commands on the command line

To create Topics:- kafka-topics --create --topic test --partitions 1 --replication-factor 1 --if-not-exists --zookeeper zookeeper:2181

To secure Topic I used command: kafka-acls --topic test --producer --authorizer-properties --zookeeper zookeeper:2181 --add --allow-principal User:alice

Unfortunately, it says "bash: afka-acl: command not found"

Do I need to include anything in the Kafka configuration file? or Is it possible to just run commands from power shell and secure Topic?

Securing with username and password is the same as ACL or different?

kishorK
  • 453
  • 2
  • 7
  • 16

1 Answers1

2

Kafka support authentication of connections to brokers from clients (producers and consumers) using

SSL

SASL (Kerberos) and SASL/PLAIN

This need configuration changes in for both broker and clients. What you are asking for seems like SASL plain. However as mentioned above this cannot be done from CLI and required configuration changes. If you follow the steps in the documentation link, it is pretty straightforward.

ACL is authorization which defines which user has access to what topics. See this link

asolanki
  • 1,333
  • 11
  • 18
  • @asolanki--- Thank you for great and concise info. but in which file I can add this configuration for SASL/PLAIN? I am just referring this example provided here: https://docs.confluent.io/current/quickstart/ce-docker-quickstart.html# – kishorK Oct 23 '19 at 09:06
  • on SASL documentation they are asking to add: -"Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf" file to each broker, but where exactly I have to add it. – kishorK Oct 24 '19 at 07:38
  • probably you've already solved it but if anyone still wondering, you probably need to add it to `/etc/systemd/system/kafka.service`. add your configuration to below of [Service] line as `Environment="KAFKA_OPTS=-Djava.security.auth.login.config=path/jaas.conf"` then restart the kafka service – Bünyamin Şentürk Dec 08 '21 at 07:22