Support Questions

Find answers, ask questions, and share your expertise

SASL_PLAINTEXT

avatar

From what I've read SASL_PLAINTEXT allows using Kerberos for authentication but once the client is authenticated the actual session is not encrypted.  So to use Kerberos and have the entire client/server session be encrypted you must use SASL_SSL and setup a keystore/trustore as well.  Is this correct?

 

1 ACCEPTED SOLUTION

avatar
You are correct, SASL_PLAINTEXT only provides authentication, not encryption. You'll want SASL_SSL if you need encrypted traffic as well. You can set inter.broker.protocol to a different value if you'd like to only encrypt client/server traffic, but if you leave that to inferred in CM, it will use whatever your listener value is set to.

-pd

View solution in original post

1 REPLY 1

avatar
You are correct, SASL_PLAINTEXT only provides authentication, not encryption. You'll want SASL_SSL if you need encrypted traffic as well. You can set inter.broker.protocol to a different value if you'd like to only encrypt client/server traffic, but if you leave that to inferred in CM, it will use whatever your listener value is set to.

-pd