From what I've read SASL_PLAINTEXT allows using Kerberos for authentication but once the client is authenticated the actual session is not encrypted.  So to use Kerberos and have the entire client/server session be encrypted you must use SASL_SSL and setup a keystore/trustore as well.  Is this correct?   ... View more

I'm using Cloudera enterprise and Kafka 0.10.x.   To secure Kafka I've enabled Kerberos and configured Kafka to use the SimpleACLAuthorizer which stores ACLs in ZooKeeper.  Instead of using this I'd like to check Active Directory instead to determine topic authorization.  I can't seem to find an implementation.  Does one exist?   ... View more