Support Questions

RichardK1967 · ‎09-07-2017

From what I've read SASL_PLAINTEXT allows using Kerberos for authentication but once the client is authenticated the actual session is not encrypted. So to use Kerberos and have the entire client/server session be encrypted you must use SASL_SSL and setup a keystore/trustore as well. Is this correct?

pdvorak · ‎09-07-2017

You are correct, SASL_PLAINTEXT only provides authentication, not encryption. You'll want SASL_SSL if you need encrypted traffic as well. You can set inter.broker.protocol to a different value if you'd like to only encrypt client/server traffic, but if you leave that to inferred in CM, it will use whatever your listener value is set to.

-pd

View solution in original post

pdvorak · ‎09-07-2017

You are correct, SASL_PLAINTEXT only provides authentication, not encryption. You'll want SASL_SSL if you need encrypted traffic as well. You can set inter.broker.protocol to a different value if you'd like to only encrypt client/server traffic, but if you leave that to inferred in CM, it will use whatever your listener value is set to.

-pd

Cloudera Community

Support Questions

SASL_PLAINTEXT

HDF: NiFi Kafka authentication via SASL_PLAINTEXT,...

Why Ambari is setting the security protocol of the...

Ambari Kafka config, how to enable SASL_PLAINTEXT?

Kafka console-consumer/-producer not working after...

How to connect to Kafka from a Windows remote mach...

Kafka SSL + KERBEROS - Cheat Sheet Settings/Consol...

Re: HDP 2.6.4 - HDF 3.1: Apache Kafka - Apache Spa...

How to configure external accounts for Streams Rep...

Running a producer in a kerberized HDP 3.1 Kafka 2...

Getting "Jaas configuration not found " in Consume...