Multiple Authentication mechanism with Client

tusharb · 2 November 2023 12:37

Hello Community,

Quick Question regarding authentication.We have Kafka Cluster with 3 Brokers.

We have defined 3 listeners (Internal, broker and External) all using SSL as authentication mechanism.

I want to add one more authentication method (SASL-PLAIN) or (PLAINTEXT) for one of the clients.

Intention is to let them push messages in Kafka without authentication or easy username password authentication without SSL.

I do not want to change authentication method for inter broker communication and when data goes out of Kafka.

They will remain as SSL.
Any help on how to do it?

Below is server.properties working for us till now.

ssl.endpoint.identification.algorithm=
ssl.enabled.protocols=TLSv1.2
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
ssl.principal.mapping.rules=RULE:^CN=(.*?),OU=XYZ DC SIEM*$/$1/,RULE:^CN=(.*?),OU=(.*?),O=(.*?),L=(.*?),ST=(.*?),C=(.*?)$/$1@$2/,RULE:^cn=(.*?),ou=(.*?),dc=(.*?),dc=(.*?)$/$1@$2/L,RULE:^.*[Cc][Nn]=([a-zA-Z0-9\-\.]*),.*$/$1/L,DEFAULT
super.users=User:ABC;User:DEF;User:GHI
listener.security.protocol.map=INTERNAL:SSL,BROKER:SSL,EXTERNAL:SSL listeners=INTERNAL://:9093,BROKER://:9091,EXTERNAL://:9092 advertised.listeners= INTERNAL://X.com:9093 , BROKER://Y.com:9091 , EXTERNAL://Z.com:9092 ## Inter Broker Listener Configuration
inter.broker.listener.name=BROKER listener.name.internal.ssl.truststore.location=/etc/pki/java/XYZ.jks
listener.name.internal.ssl.truststore.password=XYZXYZXYZXYZXYZXYZ
listener.name.internal.ssl.keystore.location=/etc/pki/java/ABC.jks
listener.name.internal.ssl.keystore.password=XYZXYZXYZXYZXYZXYZ
listener.name.internal.ssl.key.password=XYZXYZXYZXYZXYZXYZ
listener.name.internal.ssl.client.auth=required listener.name.broker.ssl.truststore.location=/etc/pki/java/XYZ.jks
listener.name.broker.ssl.truststore.password=XYZXYZXYZXYZXYZXYZ
listener.name.broker.ssl.keystore.location=/etc/pki/java/ABC.jks
listener.name.broker.ssl.keystore.password=XYZXYZXYZXYZXYZXYZ
listener.name.broker.ssl.key.password=XYZXYZXYZXYZXYZXYZ
listener.name.broker.ssl.client.auth=required listener.name.external.ssl.truststore.location=/etc/pki/java/XYZ.jks
listener.name.external.ssl.truststore.password=XYZXYZXYZXYZXYZXYZ
listener.name.external.ssl.keystore.location=/etc/pki/java/ABC.jks
listener.name.external.ssl.keystore.password=XYZXYZXYZXYZXYZXYZ
listener.name.external.ssl.key.password=XYZXYZXYZXYZXYZXYZ
listener.name.external.ssl.client.auth=required

Thank you for your help

Topic		Replies	Views
SASL/PLAIN Authentication Ops	3	597	8 January 2024
First connect via SSL Kafka Connect	4	3371	21 January 2022
SASL_PLAIN for client connection configuration problems Java Clients	2	4583	4 December 2021
Self-hosted Kafka with KRaft, SSL and SASL (scram-sha-256) Ops	6	4124	25 April 2024
SSL handshake error for standalone server Clients	0	2043	15 March 2023

Multiple Authentication mechanism with Client

Related Topics