https://community.cloudera.com/t5/Support-Questions/security-kafka/m-p/278779#M208231 <P>Hi&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/68603">@Peruvian81</a>&nbsp;</P><P>&nbsp;</P><P>Kafka has multiple ways to be secured:</P><P>&nbsp;</P><P>&nbsp; SSL Kerberos</P><TABLE><TBODY><TR><TD>PLAINTEXT</TD><TD>No</TD><TD>No</TD></TR><TR><TD>SSL</TD><TD>Yes</TD><TD>No</TD></TR><TR><TD>SASL_PLAINTEXT</TD><TD>No</TD><TD>Yes</TD></TR><TR><TD>SASL_SSL</TD><TD>Yes</TD><TD>Yes</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>If you already are using Kerberos, you can check the document below:</P><P>&nbsp;</P><P><A href="https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.4/authentication-with-kerberos/content/kerberos_kafka_configuring_kafka_for_kerberos_using_ambari.html" target="_blank" rel="noopener">https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.4/authentication-with-kerberos/content/kerberos_kafka_configuring_kafka_for_kerberos_using_ambari.html</A></P><P>&nbsp;</P><P>For your clients, you can use below command line depending of the Kafka version:</P><P>consumer example:</P><P>&nbsp;</P><LI-CODE lang="markup">bin/kafka-console-consumer.sh --bootstrap-server &lt;kafkaHost&gt;:&lt;kafkaPort&gt; --topic &lt;topicName&gt; --security-protocol SASL_PLAINTEXT</LI-CODE><P>&nbsp;</P><P>For newer versions, consumer example:</P><P>&nbsp;</P><LI-CODE lang="markup">bin/kafka-console-consumer.sh --topic &lt;topicName&gt; --bootstrap-server &lt;brokerHost&gt;:&lt;brokerPort&gt; --consumer-property security.protocol=SASL_PLAINTEXT</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>* Make sure to get a valid Kerberos ticket before running these commands (kinit -kt keytab principal)</P><P>** E<SPAN>nsure the Kerberos principal has permissions to publish/consume data from/to the selected topic</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Thu, 03 Oct 2019 19:24:18 GMT ManuelCalvo 2019-10-03T19:24:18Z https://community.cloudera.com/t5/Support-Questions/security-kafka/m-p/278740#M208205 <P>Hello Friends</P> <P>&nbsp;</P> <P>You could help me to secure my Kafka servers for both Broker and client. As additional data I am using a KDC. As I see I currently have the security.inter.broker.protocol SASL_PLAINTEXT I don't know if it is correct or how I should secure this service.</P> <P>&nbsp;</P> <P>Thank you</P> Thu, 03 Oct 2019 10:32:01 GMT https://community.cloudera.com/t5/Support-Questions/security-kafka/m-p/278740#M208205 Peruvian81 2019-10-03T10:32:01Z https://community.cloudera.com/t5/Support-Questions/security-kafka/m-p/278779#M208231 <P>Hi&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/68603">@Peruvian81</a>&nbsp;</P><P>&nbsp;</P><P>Kafka has multiple ways to be secured:</P><P>&nbsp;</P><P>&nbsp; SSL Kerberos</P><TABLE><TBODY><TR><TD>PLAINTEXT</TD><TD>No</TD><TD>No</TD></TR><TR><TD>SSL</TD><TD>Yes</TD><TD>No</TD></TR><TR><TD>SASL_PLAINTEXT</TD><TD>No</TD><TD>Yes</TD></TR><TR><TD>SASL_SSL</TD><TD>Yes</TD><TD>Yes</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>If you already are using Kerberos, you can check the document below:</P><P>&nbsp;</P><P><A href="https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.4/authentication-with-kerberos/content/kerberos_kafka_configuring_kafka_for_kerberos_using_ambari.html" target="_blank" rel="noopener">https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.4/authentication-with-kerberos/content/kerberos_kafka_configuring_kafka_for_kerberos_using_ambari.html</A></P><P>&nbsp;</P><P>For your clients, you can use below command line depending of the Kafka version:</P><P>consumer example:</P><P>&nbsp;</P><LI-CODE lang="markup">bin/kafka-console-consumer.sh --bootstrap-server &lt;kafkaHost&gt;:&lt;kafkaPort&gt; --topic &lt;topicName&gt; --security-protocol SASL_PLAINTEXT</LI-CODE><P>&nbsp;</P><P>For newer versions, consumer example:</P><P>&nbsp;</P><LI-CODE lang="markup">bin/kafka-console-consumer.sh --topic &lt;topicName&gt; --bootstrap-server &lt;brokerHost&gt;:&lt;brokerPort&gt; --consumer-property security.protocol=SASL_PLAINTEXT</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>* Make sure to get a valid Kerberos ticket before running these commands (kinit -kt keytab principal)</P><P>** E<SPAN>nsure the Kerberos principal has permissions to publish/consume data from/to the selected topic</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Thu, 03 Oct 2019 19:24:18 GMT https://community.cloudera.com/t5/Support-Questions/security-kafka/m-p/278779#M208231 ManuelCalvo 2019-10-03T19:24:18Z