Kafka JAAS Plain SASL 安全认证配置

1. 配置zookeeper

1. 为zookeeper添加 jaas 文件

zookeeper {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="geting"
password="geting";
};

2. 在启动zookeeper时，在KAFKA_OPTS变量里加上" -Djava.security.auth.login.config=/home/work/bin/kafka_2.11-0.10.0.0/sbin/kafka_zoo_jaas.conf"

export KAFKA_OPTS=" -Djava.security.auth.login.config=/home/work/bin/kafka_2.11-0.10.0.0/sbin/kafka_zoo_jaas.conf"
zookeeper-server-start.sh $KAFKA_HOME/config/zookeeper.properties >> zookeeper.log 2>&1 &

2. 配置Server 

1. 为server添加jaas 文件

KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="geting"
password="geting"
user_geting="geting"
user_alice="alice-secret";
};

2. 修改server 的配置文件

在配置文件中添加如下配置

listeners=SASL_PLAINTEXT://localhost:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN

3. 在启动server时，在KAFKA_OPTS变量里加上" -Djava.security.auth.login.config=/home/work/bin/kafka_2.11-0.10.0.0/sbin/kafka_server_jaas.conf"

export KAFKA_OPTS=" -Djava.security.auth.login.config=/home/work/bin/kafka_2.11-0.10.0.0/sbin/kafka_server_jaas.conf"
kafka-server-start.sh $KAFKA_HOME/config/server.properties >> kafka.log 2>&1 &

3. 配置client

1.为consuer和producer 添加jaas

KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="geting"
password="geting";
};

2. 修改consuer和producer的配置文件

在consumer.properties和producer.properties里分别加上如下配置

security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN

3. 在启动consumer和producer时，在KAFKA_OPTS变量里加上" -Djava.security.auth.login.config=/home/work/bin/kafka_2.11-0.10.0.0/sbin/kafka_client_jaas.conf"

export KAFKA_OPTS=" -Djava.security.auth.login.config=/home/work/bin/kafka_2.11-0.10.0.0/sbin/kafka_client_jaas.conf"
kafka-console-producer.sh --broker-list localhost:9092 --topic topicName --producer.config $KAFKA_HOME/config/producer.properties

export KAFKA_OPTS=" -Djava.security.auth.login.config=/home/work/bin/kafka_2.11-0.10.0.0/sbin/kafka_client_jaas.conf"
kafka-console-consumer.sh --zookeeper localhost:2181 --bootstrap-server localhost:9092 --topic topicName --from-beginning --consumer.config $KAFKA_HOME/config/consumer.properties --new-consumer