> Is there a reason why you are using GSS-API directly instead of via SASL?
There sure is--because I have no clue what I'm doing :) Our Kafka 0.9.0 cluster is currently only configured for SASL_PLAINTEXT so we're not encrypting anything at the moment. I'll take a look through SaslClientAuthenticator and try and come back with either confirmation that everything is working as expected (hopefully) or at least more intelligent questions... Thanks! ________________________________________ From: isma...@gmail.com [isma...@gmail.com] on behalf of Ismael Juma [ism...@juma.me.uk] Sent: Thursday, December 10, 2015 10:36 AM To: dev@kafka.apache.org Subject: Re: Interacting with a secured Kafka cluster via GSS-API Hi Dave, Is there a reason why you are using GSS-API directly instead of via SASL? It should still work, but if you do the latter, you can potentially reuse the existing code (or at least use it as inspiration), see `org.apache.kafka.common.security.authenticator.SaslClientAuthenticator`. Also, please keep in mind that we are only using SASL for authentication and that to encrypt the communication, you have to use SASL_SSL (ie we don't support the SASL confidentiality QOP, for example). I hope this helps. Ismael
