Hi to all,

I successfully put my simple Kafka cluster under TLS following the official documentation. So in the current configuration, inter-broker communication is done through SSL (security.inter.broker.protocol=SSL) and client authentication is required (ssl.client.auth=required).
I would like to know if, with these options, every broker is also authenticating itself, besides doing encrypted communication. That is, if with ssl.client.auth we mean both brokers and consumers/producers.

Moreover, I would like to know if it is possible to authenticate consumers/producers through SASL/Kerberos while keeping inter-broker authentication/communication through TLS. I read the Ismael Juma tutorial on this (http://www.confluent.io/blog/apache-kafka-security-authorization-authentication-encryption). It points in this direction, but there's something I did not fully understand. For example, if a consumer authenticates with Kerberos, the client keystore should not be provided in the configuration and ssl.client.auth should be false on the server (unless it is required for brokers).

Thank you in advance for any kind of help and explanation.

Giampaolo