Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
We’ve updated our product names and community labels - click here for full details
Solved Go to solution

security kafka

Labels:
avatar
author-rank Peruvian81
Explorer

Created on ‎10-03-2019 12:51 AM - last edited on ‎10-03-2019 03:32 AM by Community Manager Community Manager

Hello Friends

 

You could help me to secure my Kafka servers for both Broker and client. As additional data I am using a KDC. As I see I currently have the security.inter.broker.protocol SASL_PLAINTEXT I don't know if it is correct or how I should secure this service.

 

Thank you

1,994 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank ManuelCalvo author-rank
Expert Contributor

Created ‎10-03-2019 12:24 PM

Hi @Peruvian81 

 

Kafka has multiple ways to be secured:

 

  SSL Kerberos

PLAINTEXTNoNo
SSLYesNo
SASL_PLAINTEXTNoYes
SASL_SSLYesYes

 

If you already are using Kerberos, you can check the document below:

 

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.4/authentication-with-kerberos/content/kerberos_...

 

For your clients, you can use below command line depending of the Kafka version:

consumer example:

 

bin/kafka-console-consumer.sh --bootstrap-server <kafkaHost>:<kafkaPort> --topic <topicName> --security-protocol SASL_PLAINTEXT

 

For newer versions, consumer example:

 

bin/kafka-console-consumer.sh --topic <topicName> --bootstrap-server <brokerHost>:<brokerPort> --consumer-property security.protocol=SASL_PLAINTEXT

 

 

* Make sure to get a valid Kerberos ticket before running these commands (kinit -kt keytab principal)

** Ensure the Kerberos principal has permissions to publish/consume data from/to the selected topic

 

 

View solution in original post

1,982 Views
0 Kudos
1 REPLY 1

avatar
author-rank ManuelCalvo author-rank
Expert Contributor

Created ‎10-03-2019 12:24 PM

Hi @Peruvian81 

 

Kafka has multiple ways to be secured:

 

  SSL Kerberos

PLAINTEXTNoNo
SSLYesNo
SASL_PLAINTEXTNoYes
SASL_SSLYesYes

 

If you already are using Kerberos, you can check the document below:

 

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.4/authentication-with-kerberos/content/kerberos_...

 

For your clients, you can use below command line depending of the Kafka version:

consumer example:

 

bin/kafka-console-consumer.sh --bootstrap-server <kafkaHost>:<kafkaPort> --topic <topicName> --security-protocol SASL_PLAINTEXT

 

For newer versions, consumer example:

 

bin/kafka-console-consumer.sh --topic <topicName> --bootstrap-server <brokerHost>:<brokerPort> --consumer-property security.protocol=SASL_PLAINTEXT

 

 

* Make sure to get a valid Kerberos ticket before running these commands (kinit -kt keytab principal)

** Ensure the Kerberos principal has permissions to publish/consume data from/to the selected topic

 

 

1,983 Views
0 Kudos
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements