Questions tagged [apache-kafka-security]

The following security measures are currently supported:

  1. Authentication of connections to brokers from clients (producers and consumers), other brokers and tools, using either SSL or SASL. Kafka supports the following SASL mechanisms:
    • SASL/GSSAPI (Kerberos) - starting at version 0.9.0.0
    • SASL/PLAIN - starting at version 0.10.0.0
    • SASL/SCRAM-SHA-256 and SASL/SCRAM-SHA-512 - starting at version 0.10.2.0
    • SASL/OAUTHBEARER - starting at version 2.0
  2. Authentication of connections from brokers to ZooKeeper
  3. Encryption of data transferred between brokers and clients, between brokers, or between brokers and tools using SSL (Note that there is a performance degradation when SSL is enabled, the magnitude of which depends on the CPU type and the JVM implementation.)
  4. Authorization of read / write operations by clients
  5. Authorization is pluggable and integration with external authorization services is supported

55 questions
1 vote, 1 answer

Kafka: simple ACL authorizer vs custom ACL authorizer

I am using Kafka's default ACL authorizer, but recently I came across a topic of custom ACL authorizer. I did check for that, but couldn't find much detail on it. I would like to understand: Isn't the default ACL authorizer good enough to use in…
Tushar H
1 vote, 2 answers

kafka-python producer - SSL connection failure - Truststore Only

I'm trying to publish messages via python to a kafka topic and am receiving an error. I can connect and publish via the CLI. Hoping for some guidance. I've googled and read the docs. Thanks!! Successful CLI command: kafka-console-producer…
1 vote, 1 answer

error accessing Kafka Cluster that is secured through SASL PLAINTEXT using KafkaTool

So I have secured a kafka cluster through below security mechanism in server.properties and added respective kafka and zookeeper jaas.config files security.inter.broker.protocol=SASL_PLAINTEXT sasl.mechanism.inter.broker.protocol=PLAIN and using…
viveksinghggits
0 votes, 1 answer

Is there a way to encrypt kafka security configuration (ssl config) passwords at broker and client side

How to encrypt Kafka security configuration passwords at broker and client side. I am currently storing the Kafka security configurations (password related configs) in plain-text format in the following ways at the Kafka server side in…
0 votes, 0 answers

GraphDB Kafka Connector: Transactional Id authorization failed

I'm currently trying to set up a built-in Kafka Connector from an enterprise-licensed GraphDB cluster. The connector should be SSL-enabled and requires a trust and key store to communicate properly with the cluster. Our current producer…
0 votes, 1 answer

Can't write to topic with remote producer in Apache Kafka

So I'm trying to write to a topic in my cluster with a producer that's on a separate device than the broker and zookeeper servers. I'm using SSL_SASL authentication and I believe that there is an issue with the authentication but I don't get any log…
0 votes, 0 answers

is there a way to get clientAddress with kafka while authentication?

I'm implementing a module of authentication to kafka with the java api and I want to log clientAddress as an information. I found AuthenticationContext that can be used with KafkaPrincipalBuilder like this: public class CustomPrincipalBuilder…
0 votes, 1 answer

How to add user authentication configs

I am confused how to add authentication credentials programmatically. Not sure if SECURITY_PROVIDERS_CONFIG is where I set these values. Was also going through the constants and I could see many configs have _DOC and I am curious what does it mean.…
0 votes, 1 answer

ClassNotFoundException exception occurred: io.confluent.kafka.security.config.provider.SecurePassConfigProvider (kafka.server.KafkaConfig)

The broker failed on start-up and I can see the following errors: INFO Registered kafka:type=kafka.Log4jController MBean (kafka.utils.Log4jControllerRegistration$) ERROR ClassNotFoundException exception occurred:…
kuti
0 votes, 1 answer

Setup kafka security cluster with SASL/PLAIN

I've been trying to set up a cluster by https://docs.confluent.io/platform/current/security/security_tutorial.html with SSL keys and username/password like it is described. But failed to find a proper way to set up a dname of a key and broker's parameter…
Denis Rybakov
0 votes, 1 answer

NullPointerException exception while connecting to Kafka broker with SASL/SCRAM

We have configured two Kafka brokers in application.YAML, one with SASL KERBEROS and the other one with SASL SCRAM. While starting the service it's connecting to broker with SASL KERBEROS and getting below error for other broker (SASL SCRAM). When we…
0 votes, 1 answer

Not able to produce after setting up ACL in kafka

I am using wurstmeister kafka and zookeeper docker images in my local to test SASL and ACL in kafka. My docker-compose.yml is - version: '3' services: zookeeper: image: wurstmeister/zookeeper hostname: zookeeper container_name:…
aquaman
0 votes, 1 answer

Select proper KafkaUser authentication type?

Maybe I'm missing something, if so forgive my ignorance. Here is what we have: We use TLS authentication listeners in Kafka cluster (this can be changed, we can add new type of listeners). When connecting to a Kafka topic from Java code I use SSL certificate…
Barat Sahdzijeu
0 votes, 1 answer

Using Kafka Security Manager for ACL for Schema Registry

I have a Kafka cluster running with Zookeeper, Confluent Schema registry and Kafka security manager (KSM). KSM, https://github.com/conduktor/kafka-security-manager, is software that makes it easy to manage Kafka ACLs with a csv file instead of using the…
CMPE
0 votes, 1 answer

How to add a user (for producer or consumer) with custom SSL certificate to Kafka cluster?

I have Strimzi Kafka installed with Kafka cluster with TLS listeners (in OpenShift, if it matters). When I add a KafkaUser I request TLS authentication like that: spec: authentication: type: tls authorization: type: simple Then I…
Barat Sahdzijeu