https://community.cloudera.com/t5/Support-Questions/Kafka-security-inter-broker-protocol-can-not-be-set-to-SASL/m-p/79267#M45308 <P>Hi guys,</P><P>&nbsp;</P><P>I have a Kafka cluster and want to enable SASL_SSL without Kerberos.</P><P>Is it possible?</P><P>&nbsp;</P><P>What I changed in kafka.properties:</P><P>&nbsp;</P><PRE>listeners=PLAINTEXT://kafkatest03.loc:9092, SSL://kafkatest03.loc:9093, SASL_SSL://kafkatest03.loc:9094, SASL_PLAINTEXT://kafkatest03.loc:9095 advertised.listeners=PLAINTEXT://kafkatest03.loc:9092, SSL://kafkatest03.loc:9093, SASL_SSL://kafkatest03.loc:9094, SASL_PLAINTEXT://kafkatest03.loc:9095 ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1 sasl.enabled.mechanisms=SCRAM-SHA-256 sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256 authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer<BR /><BR />ssl.keystore.location=...<BR />ssl.keystore.password.generator=...<BR />ssl.key.password.generator=...<BR />ssl.truststore.location=...<BR />ssl.truststore.password.generator=... </PRE><P>&nbsp;</P><P>Added to broker_java_opts:</P><P>&nbsp;</P><PRE>-Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf KafkaServer { org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="admin"; };</PRE><P>&nbsp;</P><P>&nbsp;</P><P>When I set security.inter.broker.protocol to PLAINTEXT everything is working and client can auth wirh SASL_SSL using&nbsp;SCRAM-SHA-256, but ACL is not working.</P><P>&nbsp;</P><P>According to this:</P><P><A href="https://github.com/wurstmeister/kafka-docker/issues/218" target="_blank">https://github.com/wurstmeister/kafka-docker/issues/218</A></P><P>we need to enable</P><P>security.inter.broker.protocol=SASL_SSL, but it throws an error:</P><P>&nbsp;</P><PRE>security.inter.broker.protocol can not be set to SASL_SSL, as Kerberos is not enabled</PRE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks</P> Fri, 16 Sep 2022 13:39:29 GMT Denys 2022-09-16T13:39:29Z