https://community.cloudera.com/t5/Archives-of-Support-Questions/SASL-PLAINTEXT/m-p/59667#M67723 <P>From what I've read SASL_PLAINTEXT allows using Kerberos for authentication but once the client is authenticated the actual session is not encrypted.&nbsp; So to use Kerberos and have the entire client/server session be encrypted you must use SASL_SSL and setup a keystore/trustore as well.&nbsp; Is this correct?</P><P>&nbsp;</P> Fri, 16 Sep 2022 12:12:21 GMT RichardK1967 2022-09-16T12:12:21Z https://community.cloudera.com/t5/Archives-of-Support-Questions/SASL-PLAINTEXT/m-p/59667#M67723 <P>From what I've read SASL_PLAINTEXT allows using Kerberos for authentication but once the client is authenticated the actual session is not encrypted.&nbsp; So to use Kerberos and have the entire client/server session be encrypted you must use SASL_SSL and setup a keystore/trustore as well.&nbsp; Is this correct?</P><P>&nbsp;</P> Fri, 16 Sep 2022 12:12:21 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/SASL-PLAINTEXT/m-p/59667#M67723 RichardK1967 2022-09-16T12:12:21Z https://community.cloudera.com/t5/Archives-of-Support-Questions/SASL-PLAINTEXT/m-p/59679#M67724 You are correct, SASL_PLAINTEXT only provides authentication, not encryption. You'll want SASL_SSL if you need encrypted traffic as well. You can set inter.broker.protocol to a different value if you'd like to only encrypt client/server traffic, but if you leave that to inferred in CM, it will use whatever your listener value is set to.<BR /><BR />-pd Thu, 07 Sep 2017 18:22:14 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/SASL-PLAINTEXT/m-p/59679#M67724 pdvorak 2017-09-07T18:22:14Z