Support Questions

Find answers, ask questions, and share your expertise

Multiple listeners of Kafka in Kerberozied Cluster

avatar

1] Can I configure both PLAINTEXT and PLAINTEXTSASL as the communication type with Kakfa broker in a kerberozied cluster ?

If above is possible -- How I achieve the same from Ambari configuration ?

2] If above is not possible, can I do only PLAINTEXT in kerberozied cluster?

Thanks

Santhosh

1 ACCEPTED SOLUTION

avatar

@sgowda Yes its possible. You can go to ambari kafka config page and add PLAINTEXTSASL://localhost:6667, PLAINTEXT://localhost:6668. Make sure the ports are unique.

In PLAINTEXT connections user's identity set to Anonymous. You need to make sure you set the right ACLs using kafka-acls.sh command to give permissions to Anonymous user.

View solution in original post

4 REPLIES 4

avatar

found below text in doc.hortonworks.com

"The broker can only accept SASL (Kerberos) connections, and there is no wire encryption applied. (Note: For a non-secure cluster, <protocol> should be set to PLAINTEXT.)"

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_secure-kafka-ambari/content/ch_secure-ka...

avatar

@sgowda Yes its possible. You can go to ambari kafka config page and add PLAINTEXTSASL://localhost:6667, PLAINTEXT://localhost:6668. Make sure the ports are unique.

In PLAINTEXT connections user's identity set to Anonymous. You need to make sure you set the right ACLs using kafka-acls.sh command to give permissions to Anonymous user.

avatar

@Sriharsha Chintalapani thanks -- worked after adding acl permission for ANONYMOUS user !

avatar
New Contributor

Can this be done when the authorizer class being used is RangerKafkaAuthorizer and not SimpleAclAuthorizer?