Questions tagged [apache-kafka-security]

The following security measures are currently supported:

  1. Authentication of connections to brokers from clients (producers and consumers), other brokers and tools, using either SSL or SASL. Kafka supports the following SASL mechanisms:
    • SASL/GSSAPI (Kerberos) - starting at version 0.9.0.0
    • SASL/PLAIN - starting at version 0.10.0.0
    • SASL/SCRAM-SHA-256 and SASL/SCRAM-SHA-512 - starting at version 0.10.2.0
    • SASL/OAUTHBEARER - starting at version 2.0
  2. Authentication of connections from brokers to ZooKeeper
  3. Encryption of data transferred between brokers and clients, between brokers, or between brokers and tools using SSL (Note that there is a performance degradation when SSL is enabled, the magnitude of which depends on the CPU type and the JVM implementation.)
  4. Authorization of read / write operations by clients
  5. Authorization is pluggable and integration with external authorization services is supported

55 questions
0 votes, 2 answers

How to handle Kafka cluster CA certificate?

I have installed Strimzi Kafka and created TLS enabled cluster as follows: listeners: plain: {} tls: authentication: type: tls The Kafka cluster CA certificate created automatically and looks like this: Entry…
Barat Sahdzijeu
0 votes, 1 answer

Configure Apache KAFKA with external and internal listeners and SASL Authentication for external publish/subscribe

I want to configure Kafka authentication (just authentication no encryption is needed by now) using 2 listeners: one for interbroker private communication with PLAINTEXT security one for consumer/producers public communication with SASL_PLAINTEXT…
0 votes, 1 answer

kafka connect to s3 fails to start

I'm trying to configure the kafka-connect to send my data from kafka to s3. I'm newbie in aspect of kafka, and I'm trying to implement this flow without any ssl encryptions just to get the hang of it. kafka version : 2.12-2.2.0 kafka-connect : 4.1.1…
JeyJ
0 votes, 2 answers

How to enable multiple listeners in kafka cluster

I have a 3 nodes Kafka cluster. I have enabled SASL_PLAINTEXT and it is working fine with Port 6667. Now I want to enable SSL for different Port in the same cluster. I have enabled the truststore and Keystore certificates. and I did below configuration…
satish pujara
0 votes, 0 answers

Not able to connect to Kafka cluster ( on AWS ) from local network after SSL implementation

I have implemented Kafka two way SSL authentication on a 17 node cluster. I have tested by running console consumer/producer commands from few nodes of the cluster. But when I try to do that from local network ( Laptop ) it doesn't work. I get SSL…
Anirban
0 votes, 1 answer

Confluent schema registry SSL configuration

I am new to the kafka field. I have kafka, zookeeper and schema registry all installed in a RHEL7 machine (hostname: kafka-confluent), it is not a cluster setup so there is only 1 broker. Now I would like to configure SSL encryption for my setup. I…
0 votes, 1 answer

How to secure kafka Topic with username and password from CLI/command line?

I have installed Docker on my Windows 10 and also installed Kafka. I have created a "test" Topic inside a Kafka cluster. Now I want to secure the Topic with a simple username and password. I am super new to Kafka, any help would really be…
0 votes, 0 answers

Exception while loading Zookeeper JAAS login context 'Client'

When I am running the Kafka broker I am getting the error: Exception while loading Zookeeper JAAS login context 'Client' zookeeper.jaas.conf Server {        org.apache.zookeeper.server.auth.DigestLoginModule…
0 votes, 2 answers

kafka-console-producer with kerberos throws security-protocol is not a recognized option

I have enabled Kerberos from Ambari v2.7.3 and HDP v3.1.0 to all Hadoop services. I have verified HBase authentication using NIFI. I need to test Kafka as well. In Kafka console, I am able to create a topic. But while producing and consuming I am…
0 votes, 1 answer

ACLs for cluster resource in kafka

What are the cluster operations in kafka and what all operations can be allowed/denied by specifying --cluster option in kafka-acls.sh script? From this The inter-broker operations are split into two classes: cluster and topic. Cluster operations…
Markiv