Hi,
with SSL client authentication the user identifier is the dname of the
certificate
in your case “CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US”
for example when you want to set an ACL rule (read and write for topic
TOPICNAME from every host):
$ kafka-acls --authorizer-properties zookeeper.connect=zookeeper:2181 --add
--allow-principal User:CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US --allow-host "*"
--operation Read --operation Write --topic TOPICNAME
Am 19.05.17, 20:02 schrieb "Raghav" <raghavas...@gmail.com>:
If it helps, this is how I generated the keystone for my client
$ keytool -alias kafka-dev2 -validity 365 -keystore kafka-dev2.keystore.jks
-dname "CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US" -genkey -ext SAN=DNS:
kafka-dev2.example.com -storepass 123456
Anything wrong here ?
On Fri, May 19, 2017 at 10:32 AM, Raghav <raghavas...@gmail.com> wrote:
> Hi
>
> I have a SSL setup with Kafka Broker, Producer and Consumer, and it works
> fine. I tried to setup ACLs as given on the website. When I start my
> producer, I am getting this error:
>
>
> [root@kafka-dev2 KAFKA]# bin/kafka-console-producer --broker-list
> kafka-dev1.example.com:9093 --topic test --producer.config
> ./etc/kafka/producer.properties
>
> HelloWorld
>
> [2017-05-19 10:24:42,437] WARN Error while fetching metadata with
> correlation id 1 : {test=UNKNOWN_TOPIC_OR_PARTITION}
> (org.apache.kafka.clients.NetworkClient)
> [root@kafka-dev2 KAFKA]#
>
>
> server config has the following entries
> ------------------------------------
> authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
> super.users=User:Bob
> ------------------------------------
>
> When certificate was being generated for Producer (Bob was used in the
> CNAME.)
>
>
> Am I missing something here ? Please help
>
> Thanks.
>
> Raghav
>
--
Raghav
