kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jakub Scholz <ja...@scholz.cz>
Subject Re: Disable anonymous access to zookeeper
Date Wed, 15 Nov 2017 23:09:33 GMT
Hi Jamie,

You should be able to use something like this:

Client {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    storeKey=true
    keyTab="/etc/security/keytabs/kafka_server.keytab"
    principal="kafka/kafka1.hostname.com@EXAMPLE.COM";
};

or this:

Client {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="kafka"
    password="123456";
};

in the Kafka JAAS config file. This defines the SASL client for connecting
to Zookeeper. You can have a look here for some more details:
http://kafka.apache.org/0100/documentation.html#security_sasl_brokernotes

Jakub

On Wed, Nov 15, 2017 at 6:23 PM, Jamie Wang <jamiew@opentext.com> wrote:

> Hi,
>
> I am using Kafka 0.10.0 version. In this version, zookeeper is required.
> Recently we found by default zookeeper allows anonymous connect to its port
> and for some this seems to be a security concern. So I'd like to disable
> zookeeper's ability to support anonymous connect. I am wondering if I
> disabled this, would it impact any Kafka operations. I am only using a
> single node Kafka (no cluster).   Would appreciate any information or
> pointers on how to proceed with this or any particular documentation I
> should read.  Thanks I advance for your help.
>
> Jamie
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message