There is no listener to topic mappings right now. But you can run two listeners 
one PLAINTEXT and another SASL. Configure your authorizer to allow anonymous 
read/write on topics that are public and the topics you want to protect give a 
explicit ACL to principal names. This will protect any read/writes on the 
secure topics and it will reject any request on PLAINTEXT port for these topics 
 as AuthorizationException and rest of the topics you can continue access 
through both the ports.

-Harsha

On Tue, Jul 17, 2018, at 5:09 PM, Matt L wrote:
> Hi,
> 
> I have an existing Kafka Cluster that is configured as PLAINTEXT. We want
> to enable SASL (GSSAPI) as an additional listener.
> 
> Is there a way to force specific topics to only accept traffic
> (publish/consume) from a certain listener?
> 
> e.g. if i create a topic and set ACLS, how do i stop a client from using
> the PLAINTEXT protocol and publishing and consuming to that topic
> 
> Thanks!

Reply via email to