Hi,

With SSL client authentication, the user identifier is the dname of the
certificate,

in your case "CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US".

For example, when you want to set an ACL rule (read and write for topic
TOPICNAME from every host):

$ kafka-acls --authorizer-properties zookeeper.connect=zookeeper:2181 --add \
    --allow-principal User:CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US --allow-host "*" \
    --operation Read --operation Write --topic TOPICNAME


On 19.05.17, 20:02, "Raghav" <raghavas...@gmail.com> wrote:

    If it helps, this is how I generated the keystore for my client:
    
    $ keytool -alias kafka-dev2 -validity 365 -keystore kafka-dev2.keystore.jks \
        -dname "CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US" -genkey \
        -ext SAN=DNS:kafka-dev2.example.com -storepass 123456
    
    Anything wrong here?
    
    On Fri, May 19, 2017 at 10:32 AM, Raghav <raghavas...@gmail.com> wrote:
    
    > Hi
    >
    > I have an SSL setup with Kafka Broker, Producer and Consumer, and it works
    > fine. I tried to set up ACLs as given on the website. When I start my
    > producer, I am getting this error:
    >
    >
    > [root@kafka-dev2 KAFKA]# bin/kafka-console-producer --broker-list
    > kafka-dev1.example.com:9093 --topic test --producer.config
    > ./etc/kafka/producer.properties
    >
    > HelloWorld
    >
    > [2017-05-19 10:24:42,437] WARN Error while fetching metadata with
    > correlation id 1 : {test=UNKNOWN_TOPIC_OR_PARTITION}
    > (org.apache.kafka.clients.NetworkClient)
    > [root@kafka-dev2 KAFKA]#
    >
    >
    > server config has the following entries
    > ------------------------------------
    > authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
    > super.users=User:Bob
    > ------------------------------------
    >
    > When the certificate was being generated for the Producer (Bob was used in
    > the CNAME).
    >
    >
    > Am I missing something here? Please help.
    >
    > Thanks.
    >
    > Raghav
    >
    
    
    
    -- 
    Raghav
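The point of the reply above is that Kafka's SimpleAclAuthorizer compares principals by exact string match, and with SSL client authentication (and no custom principal builder) the principal is "User:" followed by the certificate's full subject DN, not the bare CN. The following Python script is an added illustration, not code from the thread or from Kafka itself: it derives the principal from a keytool-style dname, checks it against a super.users value, explains the bare-CN mismatch from the original question, and builds the kafka-acls command from the reply with proper shell quoting. The DN normalisation (upper-cased attribute types, no spaces after commas) mirrors the RFC 2253 form that Java's X500Principal.getName() produces; the sample DN and config values are constructed from the thread.

```python
"""Added example (not from the thread): derive the principal Kafka builds
from an SSL client certificate's subject DN and check it against the
super.users / ACL entries the way SimpleAclAuthorizer does, i.e. by exact
string match on the whole principal."""
import re
import shlex


def parse_dn(dn):
    """Split a DN such as "CN=Bob,O=FB,OU=MA" into ordered (type, value) pairs.
    Commas escaped as '\\,' inside a value are not treated as separators."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def ssl_principal(dn):
    """Principal name Kafka derives from a client certificate when no custom
    principal builder is configured: 'User:' followed by the subject DN in
    RFC 2253 form (attribute types upper-cased, no spaces after commas)."""
    return "User:" + ",".join(f"{attr}={value}" for attr, value in parse_dn(dn))


def parse_super_users(value):
    """super.users holds a ';'-separated list of principals."""
    return {p.strip() for p in value.split(";") if p.strip()}


def is_super_user(dn, super_users_value):
    """True only when the full principal string is listed, as the broker checks it."""
    return ssl_principal(dn) in parse_super_users(super_users_value)


def diagnose(dn, super_users_value):
    """Return 'ok' or a message explaining the mismatch. Recognises the common
    mistake from the thread: listing only the CN instead of the whole DN."""
    principal = ssl_principal(dn)
    configured = parse_super_users(super_users_value)
    if principal in configured:
        return "ok"
    cn = dict(parse_dn(dn)).get("CN")
    if cn and f"User:{cn}" in configured:
        return (f"super.users lists only the CN as 'User:{cn}', but the SSL "
                f"principal is '{principal}'")
    return f"'{principal}' is not listed in super.users"


def acl_add_command(dn, topic, operations=("Read", "Write"),
                    zookeeper="zookeeper:2181"):
    """Build the kafka-acls invocation from the reply, shell-quoted so the
    DN (with its commas and '=') survives as a single argument."""
    args = ["kafka-acls", "--authorizer-properties",
            f"zookeeper.connect={zookeeper}", "--add",
            "--allow-principal", ssl_principal(dn), "--allow-host", "*"]
    for op in operations:
        args += ["--operation", op]
    args += ["--topic", topic]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    # Constructed sample matching the thread's certificate and broker config.
    dn = "CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US"
    print(diagnose(dn, "User:Bob"))          # explains the bare-CN mismatch
    print(diagnose(dn, "User:" + dn))        # ok
    print(acl_add_command(dn, "test"))
```

Running the script with the thread's values shows that `super.users=User:Bob` never matches a principal of `User:CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US`, which is why the producer was denied metadata for the topic. Later Kafka releases (2.2 and up) also offer `ssl.principal.mapping.rules` to map the DN down to a short name at the broker, but on the version in this thread the full DN is the only form that matches.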
    
