
I am not an expert, but I am aware of the auth mechanisms that commonly work with Kafka. Common use cases/implementations for Kafka use SASL PLAIN or SASL SCRAM, i.e.
security.protocol=SASL_SSL or security.protocol=SASL_PLAINTEXT (not recommended for the PLAIN mechanism)
and
sasl.mechanism=SCRAM-SHA-256 or 512 or sasl.mechanism=PLAIN (not recommended any more).

Then I see the JAAS configuration as below:
sasl.jaas.config = org.apache.kafka.common.security.scram.ScramLoginModule required username password

What I don't get is how JAAS fits into the client and server architecture. Is there an architecture diagram that I can refer to in order to get the bigger picture? I have searched Google for the security architecture of Kafka and how JAAS fits into it, but had no luck.
Could someone help?

joven

1 Answer


You set the JAAS file as a Java argument in KAFKA_OPTS, or in the client properties:

export KAFKA_OPTS="-Djava.security.auth.login.config=/etc/kafka/client_jaas.conf"

Using KafkaClient {}

Or using the client configuration

sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
username="user" \
password="psw";

https://docs.confluent.io/platform/current/kafka/authentication_sasl/index.html

Or, if you are using the Java Spring framework, check this documentation:

https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/jaas.html

JAAS is the file/configuration which contains the applicative user information which authenticates to the Kafka cluster.

Ran Lupovich
  • Could you point to or make up a diagram which shows where JAAS fits in the security architecture? – joven Jun 12 '21 at 13:24
  • It is a file/configuration which contains the applicative user information which authenticates to the Kafka cluster. – Ran Lupovich Jun 12 '21 at 13:26
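
An added example, not code from the answer or from the Kafka project: a Python check that reads a client properties file, splits the sasl.jaas.config value into login module, control flag and options, and flags the combinations the question calls not recommended. The function names, the simplified '='-only properties parser and the sample configurations are assumptions made for this example.

```python
import re

# Login module class each SASL mechanism expects (Apache Kafka class names).
SCRAM = "org.apache.kafka.common.security.scram.ScramLoginModule"
MODULES = {"PLAIN": "org.apache.kafka.common.security.plain.PlainLoginModule",
           "SCRAM-SHA-256": SCRAM, "SCRAM-SHA-512": SCRAM}

def load_properties(text):
    """Parse .properties text (simplified: '=' only), joining backslash-continued lines."""
    props = {}
    for line in re.sub(r"\\\r?\n[ \t]*", "", text).splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def parse_jaas(value):
    """Split a sasl.jaas.config value into (module, control flag, options)."""
    m = re.fullmatch(r"(\S+)\s+(\w+)\s*(.*?)\s*;", value, re.S)
    if not m:
        raise ValueError("expected '<LoginModule> <flag> [key=\"value\" ...];'")
    return m.group(1), m.group(2), dict(re.findall(r'(\w+)="([^"]*)"', m.group(3)))

def audit(text):
    """Return findings for one client configuration; never echoes the password."""
    p = load_properties(text)
    proto, mech = p.get("security.protocol", ""), p.get("sasl.mechanism", "")
    findings = []
    if not proto.startswith("SASL_"):
        return ["security.protocol is not SASL_*: no SASL login takes place"]
    if proto == "SASL_PLAINTEXT" and mech == "PLAIN":
        findings.append("PLAIN over SASL_PLAINTEXT: password crosses the network unencrypted")
    try:
        module, _flag, opts = parse_jaas(p.get("sasl.jaas.config", ""))
    except ValueError as exc:
        return findings + [f"sasl.jaas.config: {exc}"]
    if mech in MODULES and module != MODULES[mech]:
        findings.append(f"{module.rsplit('.', 1)[-1]} does not match sasl.mechanism={mech}")
    findings += [f"JAAS option '{k}' is missing" for k in ("username", "password") if k not in opts]
    return findings

# Constructed sample configurations (placeholder credentials as in the answer).
WEAK = r"""security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
  username="user" password="psw";
"""
GOOD = WEAK.replace("SASL_PLAINTEXT", "SASL_SSL").replace("=PLAIN", "=SCRAM-SHA-512")
```

Calling audit(WEAK) reports the cleartext PLAIN login and the mismatched login module, while audit(GOOD) returns an empty list.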