5.Security

The Kafka community added a number of features that, used either separately or together, increases security in a Kafka cluster. The following security measures are currently supported by Kafka Eagle:

  • SASL/GSSAPI (Kerberos)

  • SASL/PLAIN

  • SASL/SCRAM-SHA-256

  • SASL/OAUTHBEARER

How To Use SASL Security On Multi-Cluster

1.Kerberos

1.1 Setting Kafka Eagle System File

Kafka Eagle system-config.properties file setting:

######################################
# kafka sasl authenticate
######################################
cluster1.kafka.eagle.sasl.enable=true
cluster1.kafka.eagle.sasl.protocol=SASL_PLAINTEXT
cluster1.kafka.eagle.sasl.mechanism=GSSAPI
cluster1.kafka.eagle.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab="/etc/security/keytabs/kafka_client.keytab" principal="kafka-eagle.org@EXAMPLE.COM";
# make sure there is a local ticket cache ```klist -l``` to view
# cluster1.kafka.eagle.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTicket=true serviceName="kafka-eagle.org";
‚Äč
# if your kafka cluster doesn't require it, you don't need to set it up
# cluster1.kafka.eagle.sasl.client.id=

2.PLAIN

2.1 Setting Kafka Eagle System File

Kafka Eagle system-config.properties file setting:

######################################
# kafka sasl authenticate
######################################
cluster1.kafka.eagle.sasl.enable=true
cluster1.kafka.eagle.sasl.protocol=SASL_PLAINTEXT
cluster1.kafka.eagle.sasl.mechanism=PLAIN
cluster1.kafka.eagle.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="kafka-eagle";
# if your kafka cluster doesn't require it, you don't need to set it up
# cluster1.kafka.eagle.sasl.client.id=

3.SCRAM-SHA-256

3.1 Setting Kafka Eagle System File

Kafka Eagle system-config.properties file setting:

######################################
# kafka sasl authenticate
######################################
cluster1.kafka.eagle.sasl.enable=true
cluster1.kafka.eagle.sasl.protocol=SASL_PLAINTEXT
cluster1.kafka.eagle.sasl.mechanism=SCRAM-SHA-256
cluster1.kafka.eagle.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="kafka" password="kafka-eagle";
# if your kafka cluster doesn't require it, you don't need to set it up
# cluster1.kafka.eagle.sasl.client.id=

4.OAUTHBEARER

4.1 Setting Kafka Eagle System File

If you use this authentication, you need to make sure that your Kafka cluster version is after 2.x, Kafka Eagle system-config.properties file setting:

######################################
# kafka sasl authenticate
######################################
cluster1.kafka.eagle.sasl.enable=true
cluster1.kafka.eagle.sasl.protocol=SASL_PLAINTEXT
cluster1.kafka.eagle.sasl.mechanism=OAUTHBEARER
cluster1.kafka.eagle.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginStringClaim_sub="kafka-eagle";
# if your kafka cluster doesn't require it, you don't need to set it up
# cluster1.kafka.eagle.sasl.client.id=