Yes On Wed, Apr 20, 2016 at 2:52 PM, Srividhya Shanmugam < srivishanmu...@gmail.com> wrote:
> Yes, I followed those steps for setting up SSL based authentication. ok, If > I understand correclty, the subject name of the client cert is what I need > to use when running kafka-acls script to add acls on topic. > Those will be validated against the client cert trustore/keystore locations > specified through java client for producers and cnsumers. > > Is that correct? > > Thanks > Sri > > > On Wed, Apr 20, 2016 at 9:29 AM, Tom Crayford <tcrayf...@heroku.com> > wrote: > > > Yes: http://kafka.apache.org/documentation.html#security_ssl > > > > On Wed, Apr 20, 2016 at 2:29 PM, Srividhya Shanmugam < > > srivishanmu...@gmail.com> wrote: > > > > > Thanks Tom. Should the custom client cert be generated and signed by CA > > in > > > all brokers? Is there an example or more documentation on this? > > > Sri > > > > > > On Wed, Apr 20, 2016 at 9:14 AM, Tom Crayford <tcrayf...@heroku.com> > > > wrote: > > > > > > > Hi Sri, > > > > > > > > You can configure ACLs by using SSL client authentication with a > custom > > > > client cert - the subject of the client cert will be used as the ACL > > > user. > > > > > > > > Thanks > > > > Tom > > > > > > > > On Wed, Apr 20, 2016 at 2:12 PM, Srividhya Shanmugam < > > > > srivishanmu...@gmail.com> wrote: > > > > > > > > > Kafka Team, > > > > > > > > > > I am trying to integrate kafka security. I was able to authenticate > > > using > > > > > SSL(TLS) with a single broker/client and a two node set up. I > started > > > > > reading about ACLs and my understanding is ACLs can be configured > > with > > > > > kerberos principals. > > > > > > > > > > Is there a way ACLs can be configured with custom non kerberos > > > > principals? > > > > > Would that require implementing a custom ACL authorizer? > > > > > > > > > > Thanks, > > > > > Sri > > > > > > > > > > > > > > >
