Yes, we can use Kafka ACL's with SASL/PLAIN mechanism.
On Thu, Jan 26, 2017 at 2:38 AM, BigData dev <bigdatadev...@gmail.com>
wrote:
> Hi,
> I have a question, can we use Kafka ACL's with only SASL/PLAIN mechanism.
> Because after I enabled, still I am able to produce/consume from topics.
>
> And one more observation is in kafka-_jaas.conf, there is no client
> section, will get an WARN as below, as we dont have this kind of mechanisim
> with zookeeper. Just want to confirm is this expected?
>
> *WARN SASL configuration failed: javax.security.auth.login.LoginException:
> No JAAS configuration section named 'Client' was found in specified JAAS
> configuration file: '/usr/iop/current/kafka-broker/conf/kafka_jaas.conf'.
> Will continue connection to Zookeeper server without SASL authentication,
> if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)*
>
> KafkaClient {
>
> org.apache.kafka.common.security.plain.PlainLoginModule required
>
> username="alice"
>
> password="alice-secret";
>
> };
>
>
> KafkaServer {
>
> org.apache.kafka.common.security.plain.PlainLoginModule required
>
> username="admin"
>
> password="admin-secret"
>
> user_admin="admin-secret"
>
> user_alice="alice-secret";
>
> };
>
>
> I see recommended is SASL/PLAIN with SSL, just can we use only SASL/PLAIN
> mechanisim with ACLS?
>
> Thanks
>
