Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

SASL_PLAINTEXT

Labels:
avatar
author-rank RichardK1967
Explorer

Created on ‎09-07-2017 08:31 AM - edited ‎09-16-2022 05:12 AM

From what I've read SASL_PLAINTEXT allows using Kerberos for authentication but once the client is authenticated the actual session is not encrypted.  So to use Kerberos and have the entire client/server session be encrypted you must use SASL_SSL and setup a keystore/trustore as well.  Is this correct?

 

3,738 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank pdvorak author-rank
Guru

Created ‎09-07-2017 11:22 AM

You are correct, SASL_PLAINTEXT only provides authentication, not encryption. You'll want SASL_SSL if you need encrypted traffic as well. You can set inter.broker.protocol to a different value if you'd like to only encrypt client/server traffic, but if you leave that to inferred in CM, it will use whatever your listener value is set to.

-pd

View solution in original post

3,720 Views
1 REPLY 1

avatar
author-rank pdvorak author-rank
Guru

Created ‎09-07-2017 11:22 AM

You are correct, SASL_PLAINTEXT only provides authentication, not encryption. You'll want SASL_SSL if you need encrypted traffic as well. You can set inter.broker.protocol to a different value if you'd like to only encrypt client/server traffic, but if you leave that to inferred in CM, it will use whatever your listener value is set to.

-pd
3,721 Views
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements