
security kafka


Explorer

Hello Friends

 

Could you help me secure my Kafka servers, for both broker and client? As additional information, I am using a KDC. As far as I can see, I currently have security.inter.broker.protocol set to SASL_PLAINTEXT; I don't know if it is correct or how I should secure this service.

 

Thank you

1 ACCEPTED SOLUTION


Re: security kafka

Contributor

Hi @Peruvian81 

 

Kafka has multiple ways to be secured:

 

Protocol         SSL   Kerberos
PLAINTEXT        No    No
SSL              Yes   No
SASL_PLAINTEXT   No    Yes
SASL_SSL         Yes   Yes

 

If you are already using Kerberos, you can check the document below:

 

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.4/authentication-with-kerberos/content/kerberos_...

 

For your clients, you can use the command line below, depending on the Kafka version:

consumer example:

 

bin/kafka-console-consumer.sh --bootstrap-server <kafkaHost>:<kafkaPort> --topic <topicName> --security-protocol SASL_PLAINTEXT

 

For newer versions, consumer example:

 

bin/kafka-console-consumer.sh --topic <topicName> --bootstrap-server <brokerHost>:<brokerPort> --consumer-property security.protocol=SASL_PLAINTEXT

 

 

* Make sure to get a valid Kerberos ticket before running these commands (kinit -kt keytab principal)

** Ensure the Kerberos principal has permissions to publish/consume data to/from the selected topic
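The protocol table in the answer above can be applied to a broker's server.properties to see what each listener actually provides. This is an added example, not part of the original answer or of Cloudera's tooling: the sample configuration, hostnames and ports are constructed, `audit_listeners` is a hypothetical helper name, and it goes slightly beyond the table by also checking that GSSAPI is among `sasl.enabled.mechanisms` before reporting Kerberos.

```python
# protocol -> (TLS encryption on the wire, SASL authentication), as in the table above
PROTOCOLS = {
    "PLAINTEXT": (False, False), "SSL": (True, False),
    "SASL_PLAINTEXT": (False, True), "SASL_SSL": (True, True),
}

# Constructed sample server.properties (hostnames and ports are made up).
SAMPLE_CONFIG = """\
listeners=SASL_PLAINTEXT://broker1.example.com:6667,SASL_SSL://broker1.example.com:6668
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.enabled.mechanisms=GSSAPI
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_listeners(text):
    """Return one finding per listener (audit_listeners is a hypothetical helper)."""
    props = parse_properties(text)
    # Listener names that are not remapped are themselves protocol names.
    name_map = {p: p for p in PROTOCOLS}
    for pair in filter(None, props.get("listener.security.protocol.map", "").split(",")):
        name, proto = pair.split(":", 1)
        name_map[name.strip().upper()] = proto.strip().upper()
    # Kafka's default for sasl.enabled.mechanisms is GSSAPI (Kerberos).
    mechs = {m.strip().upper() for m in props.get("sasl.enabled.mechanisms", "GSSAPI").split(",")}
    inter_name = props.get("inter.broker.listener.name", "").upper()
    inter_proto = props.get("security.inter.broker.protocol", "PLAINTEXT").upper()
    findings = []
    for listener in filter(None, props.get("listeners", "").split(",")):
        name = listener.split("://", 1)[0].strip().upper()
        proto = name_map.get(name)
        if proto not in PROTOCOLS:
            raise ValueError(f"listener {name!r} has no known security protocol")
        encrypted, sasl = PROTOCOLS[proto]
        inter = (name == inter_name) if inter_name else (proto == inter_proto)
        findings.append({"listener": name, "protocol": proto, "encrypted": encrypted,
                         "kerberos": sasl and "GSSAPI" in mechs, "inter_broker": inter})
    return findings

if __name__ == "__main__":
    print(*audit_listeners(SAMPLE_CONFIG), sep="\n")
```

A finding with `kerberos: True` and `encrypted: False` on the inter-broker listener corresponds to the SASL_PLAINTEXT row of the table: peers are authenticated with Kerberos, but the listener has no SSL.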

 

 
