Kafka SASL zookeeper authentication

by

I found the issue by increasing the log level to DEBUG. Basically follow the steps below. I don’t use SSL but you will integrate it without any issue.

Following are my configuration files:

server.properties

security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN

authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
allow.everyone.if.no.acl.found=true
auto.create.topics.enable=false
broker.id=0
listeners=SASL_PLAINTEXT://localhost:9092
advertised.listeners=SASL_PLAINTEXT://localhost:9092
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600

advertised.host.name=localhost
num.partitions=1
num.recovery.threads.per.data.dir=1
log.flush.interval.messages=30000000
log.flush.interval.ms=1800000
log.retention.minutes=30
log.segment.bytes=1073741824
log.retention.check.interval.ms=300000
delete.topic.enable=true
zookeeper.connect=localhost:2181
zookeeper.connection.timeout.ms=6000
super.users=User:admin

zookeeper.properties

dataDir=/tmp/zookeeper
clientPort=2181
maxClientCnxns=0
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
jaasLoginRenew=3600000

producer.properties

security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
bootstrap.servers=localhost:9092
compression.type=none

consumer.properties

security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
zookeeper.connect=localhost:2181
zookeeper.connection.timeout.ms=6000
group.id=test-consumer-group

Now are the most important files for making your server starting without any issue:

zookeeper_jaas.conf

Server {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="admin-secret"
   user_admin="admin-secret";
};

kafka_server_jaas.conf

KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="admin-secret"
   user_admin="admin-secret";
};

Client {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="admin-secret";
};

After doing all these configuration, on a first terminal window:

Terminal 1 (start Zookeeper server)

From kafka root directory

$ export KAFKA_OPTS="-Djava.security.auth.login.config=/home/usename/Documents/kafka_2.11-0.10.1.0/config/zookeeper_jaas.conf"
$ bin/zookeeper-server-start.sh config/zookeeper.properties

Terminal 2 (start Kafka server)

From kafka root directory

$ export KAFKA_OPTS="-Djava.security.auth.login.config=/home/usename/Documents/kafka_2.11-0.10.1.0/config/kafka_server_jaas.conf"
$ bin/kafka-server-start.sh config/server.properties

[BEGIN UPDATE]

kafka_client_jaas.conf

KafkaClient {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="admin"
  password="admin-secret";
};

Terminal 3 (start Kafka consumer)

On a client terminal, export client jaas conf file and start consumer:

$ export KAFKA_OPTS="-Djava.security.auth.login.config=/home/username/Documents/kafka_2.11-0.10.1.0/kafka_client_jaas.conf"
$ ./bin/kafka-console-consumer.sh --new-consumer --zookeeper localhost:2181 --topic test-topic --from-beginning --consumer.config=config/consumer.properties  --bootstrap-server=localhost:9092

Terminal 4 (start Kafka producer)

If you also want to produce, do this on another terminal window:

$ export KAFKA_OPTS="-Djava.security.auth.login.config=/home/username/Documents/kafka_2.11-0.10.1.0/kafka_client_jaas.conf"
$ ./bin/kafka-console-producer.sh --broker-list localhost:9092 --topic test-topic --producer.config=config/producer.properties

[END UPDATE]

More Related Contents:

  1. Google OAuth 2 authorization – Error: redirect_uri_mismatch
  2. Authentication filter and servlet for login
  3. How to secure MongoDB with username and password
  4. Error when connect to impala with JDBC under kerberos authrication
  5. How can I extend ServiceStack Authentication
  6. Socket.IO Authentication
  7. Why is there an “Authorization Code” flow in OAuth2 when “Implicit” flow works so well?
  8. user authentication libraries for node.js?
  9. Forgot Password: what is the best method of implementing a forgot password function?
  10. Authentication with 2 different tables
  11. How to use UrlFetchApp with credentials? Google Scripts
  12. how to implement login auth in node.js
  13. What is the purpose of a “Refresh Token”?
  14. What if JWT is stolen?
  15. How to get a JWT?
  16. What are the main differences between JWT and OAuth authentication?
  17. CSRF Token necessary when using Stateless(= Sessionless) Authentication?
  18. What is the Authorized Javascript Origin for a webapp powered by Google Script?
  19. IIS7: Setup Integrated Windows Authentication like in IIS6
  20. OWIN – Authentication.SignOut() doesn’t seem to remove the cookie
  21. How to use Windows Active Directory Authentication and Identity Based Claims?
  22. In Subversion can I be a user other than my login name?
  23. Microservice Authentication strategy
  24. Single sign-on flow using JWT for cross domain authentication
  25. How to use Github Personal Access Token in Jenkins
  26. ASP.NET MVC 3 using Authentication
  27. How to use Client Certificate Authentication in iOS App
  28. Multiple IdentityServer Federation : Error Unable to unprotect the message.State
  29. How does OpenID authentication work?
  30. removing a kafka consumer group in zookeeper

Leave a Comment