• kafka使用SASL_PLAINTEXT做用户认证


    使用SASL/PLAIN认证

    server端
    1.配置broker
    kafka_server_jaas.conf
    内容
    KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin-secret"
    user_admin="admin-secret"
    user_alice="alice-secret";
    };

    usernamepassword是broker初始化链接其他broker的使用的;上例admin是内部broker通信使用;
    user_[user]=[password]是用户链接到broker合法验证使用的
    2.添加JAAS配置到JVM的配置中,文件为kafka-server-start.sh

    export KAFKA_OPTS="-Djava.security.auth.login.config=/home/app/projects/kafka/config/common/kafka_server_jaas.conf"
    分割下解释
    -Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf
    该参数为添加为用户认证的server端

    3.添加SASL端口和SASL认证方式添加到 server.properties
    listeners=SASL_PLAINTEXT://host.name:port
    security.inter.broker.protocol=SASL_PLAINTEXT
    sasl.mechanism.inter.broker.protocol=PLAIN
    sasl.enabled.mechanisms=PLAIN
    认证权限配置
    server.propert文件
    authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
    allow.everyone.if.no.acl.found=true //对所有用户topic可见
    super.users=User:Bob;User:Alice

    client端
    在kafka-console-producer.sh中添加
    export KAFKA_OPTS="-Djava.security.auth.login.config=/home/app/projects/kafka/config/kafka_client_jaas.conf"

    kafka_client_jaas.conf文件添加如下内容
    KafkaClient {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="alice"
    password="alice-secret";
    };
    添加配置在producer.properties或consumer.properties
    security.protocol=SASL_PLAINTEXT
    sasl.mechanism=PLAIN

    授权
    ~/projects/kafka/bin/kafk-acls.sh --authorizer-properties zookeeper.connect=localhost:2181/tkafka --add --allow-principal User:alice --operation Read --operation Write --topic T_acl-1

    生产者
    ./projects/kafka/bin/kafka-console-producer.sh --broker-list 127.0.0.1:9092 --topic t-cal --producer.config ~/projects/kafka/config/producer.properties
    消费者

  • 相关阅读:
    nginx proxy_set_header
    nginx minio
    /etc/nginx/sitesenabled
    IDEA从mapper.java或者dao.java跳转到mapper.xml
    htmlwebpackplugin 配置项
    第29天 [js]时间戳转换
    CSS权重值计算
    nginx+keepalived实现高可用负载均衡 繁华
    kali安装 IDEA2020 破解并创建快捷方式
    下载 android source 之repo获取
  • 原文地址:https://www.cnblogs.com/felixzh/p/11045791.html
Copyright © 2020-2023  润新知