Hello Community,
Quick question regarding authentication. We have a Kafka cluster with 3 brokers.
We have defined 3 listeners (Internal, Broker and External), all using SSL as the authentication mechanism.
I want to add one more authentication method (SASL-PLAIN) or (PLAINTEXT) for one of the clients.
The intention is to let them push messages into Kafka without authentication, or with easy username/password authentication without SSL.
I do not want to change the authentication method for inter-broker communication or for when data goes out of Kafka.
They will remain as SSL.
Any help on how to do it?
Below is the server.properties that has been working for us until now.
ssl.endpoint.identification.algorithm=
ssl.enabled.protocols=TLSv1.2
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
ssl.principal.mapping.rules=RULE:^CN=(.*?),OU=XYZ DC SIEM*$/$1/,RULE:^CN=(.*?),OU=(.*?),O=(.*?),L=(.*?),ST=(.*?),C=(.*?)$/$1@$2/,RULE:^cn=(.*?),ou=(.*?),dc=(.*?),dc=(.*?)$/$1@$2/L,RULE:^.*[Cc][Nn]=([a-zA-Z0-9\-\.]*),.*$/$1/L,DEFAULT
super.users=User:ABC;User:DEF;User:GHI
listener.security.protocol.map=INTERNAL:SSL,BROKER:SSL,EXTERNAL:SSL
listeners=INTERNAL://:9093,BROKER://:9091,EXTERNAL://:9092
advertised.listeners=INTERNAL://X.com:9093,BROKER://Y.com:9091,EXTERNAL://Z.com:9092
## Inter Broker Listener Configuration
inter.broker.listener.name=BROKER
listener.name.internal.ssl.truststore.location=/etc/pki/java/XYZ.jks
listener.name.internal.ssl.truststore.password=XYZXYZXYZXYZXYZXYZ
listener.name.internal.ssl.keystore.location=/etc/pki/java/ABC.jks
listener.name.internal.ssl.keystore.password=XYZXYZXYZXYZXYZXYZ
listener.name.internal.ssl.key.password=XYZXYZXYZXYZXYZXYZ
listener.name.internal.ssl.client.auth=required
listener.name.broker.ssl.truststore.location=/etc/pki/java/XYZ.jks
listener.name.broker.ssl.truststore.password=XYZXYZXYZXYZXYZXYZ
listener.name.broker.ssl.keystore.location=/etc/pki/java/ABC.jks
listener.name.broker.ssl.keystore.password=XYZXYZXYZXYZXYZXYZ
listener.name.broker.ssl.key.password=XYZXYZXYZXYZXYZXYZ
listener.name.broker.ssl.client.auth=required
listener.name.external.ssl.truststore.location=/etc/pki/java/XYZ.jks
listener.name.external.ssl.truststore.password=XYZXYZXYZXYZXYZXYZ
listener.name.external.ssl.keystore.location=/etc/pki/java/ABC.jks
listener.name.external.ssl.keystore.password=XYZXYZXYZXYZXYZXYZ
listener.name.external.ssl.key.password=XYZXYZXYZXYZXYZXYZ
listener.name.external.ssl.client.auth=required
Thank you for your help
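
Added example, not part of the original post: since listener.security.protocol.map assigns a security protocol to each listener name independently, this Python check reads a server.properties and reports what every listener actually ends up with. The fourth listener named CLIENT, its port 9094 and the finding labels are assumptions made for the constructed sample.

```python
# Added example: per-listener security audit of a Kafka server.properties.
# SAMPLE is constructed: the post's three SSL listeners plus a hypothetical CLIENT listener.
SAMPLE = """\
ssl.endpoint.identification.algorithm=
listener.security.protocol.map=INTERNAL:SSL,BROKER:SSL,EXTERNAL:SSL,CLIENT:SASL_PLAINTEXT
listeners=INTERNAL://:9093,BROKER://:9091,EXTERNAL://:9092,CLIENT://:9094
inter.broker.listener.name=BROKER
listener.name.internal.ssl.client.auth=required
listener.name.broker.ssl.client.auth=required
listener.name.external.ssl.client.auth=required
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (listener -> protocol map, list of (listener, finding))."""
    props = parse_properties(text)
    pmap = dict(e.strip().split(":", 1) for e in
                props.get("listener.security.protocol.map", "").split(",") if ":" in e)
    names = [e.split("://", 1)[0].strip()
             for e in props.get("listeners", "").split(",") if "://" in e]
    findings = []
    for name in names:
        proto = pmap.get(name)
        if proto in ("PLAINTEXT", "SASL_PLAINTEXT"):
            findings.append((name, "NO_TLS"))      # traffic is unencrypted
        if proto == "PLAINTEXT":
            findings.append((name, "NO_AUTH"))     # clients are unauthenticated
        if proto == "SSL":
            # Per-listener override first, then the broker-wide setting.
            auth = props.get(f"listener.name.{name.lower()}.ssl.client.auth",
                             props.get("ssl.client.auth", "none"))
            if auth != "required":
                findings.append((name, "NO_CLIENT_CERT"))
    ib = props.get("inter.broker.listener.name")
    if ib and pmap.get(ib) not in ("SSL", "SASL_SSL"):
        findings.append((ib, "INTER_BROKER_NOT_TLS"))
    if props.get("ssl.endpoint.identification.algorithm") == "":
        findings.append(("*", "HOSTNAME_VERIFICATION_OFF"))
    return pmap, findings
```

On the sample, only the CLIENT listener is flagged as unencrypted, while BROKER stays on SSL with client certificates required; the empty ssl.endpoint.identification.algorithm is reported separately because it turns off hostname verification.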