Hi,

We are evaluating how to put authorization in place for Kafka (around topics, mostly). Is it a good idea to do this without Kerberos? I was testing whether a non-admin principal (OS user) can modify (add/remove) ACLs, and it seems like it's possible. If this is the right behavior, it's insecure and unusable. What do you guys think?
Thanks, Manoj