@Bosco, my testing was around verifying the ability to authorize access to Secure Kafka simultaneously over a secure and an insecure channel.

To give context to others on this list: the rationale for the above testing was to avoid regression for users who are already using a secure cluster with insecure Kafka. Note that existing applications don't have any security, so the aim of testing was to ensure that those legacy applications would continue to work via insecure channel support. Over time such users would transition applications over to the secure channel to leverage fine-grained authorization. Those findings are captured here <https://cwiki.apache.org/confluence/display/RANGER/Kafka+Plugin>.

Thanks

On 4/12/16, 3:21 PM, "Don Bosco Durai" <[email protected]> wrote:

>+Harsha
>
>This is an interesting issue. In the final release version, if I am not wrong,
>Kafka started supporting both secure and non-secure in the same deployment,
>but by using different ports.
>
>I have copied Harsha from the Kafka community. He should be able to answer
>what was finally included in Kafka 0.9.
>
>I didn't test Ranger+Kafka without Kerberos, but technically, we should be
>able to support non-secure deployment with IP based policies.
>
>Alok, I remember you trying IP based policies. Were they in a non-kerberos
>mode?
>
>Thanks
>
>Bosco
>
>
>From: Gautam Borad <[email protected]>
>Reply-To: <[email protected]>
>Date: Monday, April 11, 2016 at 2:36 AM
>To: "[email protected]" <[email protected]>,
>"[email protected]" <[email protected]>
>Subject: Re: Does apache kafka authorizer must Dependent on kerberos ?
>
>+ dev list
>
>Hi Yuhuan, Yes, you are right, the KAFKA plugin works only in
>secure(kerberos) mode.
>
>On Mon, Apr 11, 2016 at 1:54 PM, [email protected] <[email protected]>
>wrote:
>Hi gborad:
>
>Long time no communication, I hope you have time to help me answer this
>question, thank you.
>
>Must the apache kafka authorizer depend on kerberos?
>
>
>Also have an error as follows
>
>[2016-04-11 15:51:39,775] ERROR Error getting principal. (org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer)
>java.lang.NullPointerException
>at org.apache.kafka.common.security.kerberos.Login.<init>(Login.java:98)
>at org.apache.kafka.common.security.kerberos.LoginManager.<init>(LoginManager.java:44)
>at org.apache.kafka.common.security.kerberos.LoginManager.acquireLoginManager(LoginManager.java:85)
>at org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.configure(RangerKafkaAuthorizer.java:85)
>at org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.configure(RangerKafkaAuthorizer.java:96)
>at kafka.server.KafkaServer$$anonfun$startup$3.apply(KafkaServer.scala:197)
>at kafka.server.KafkaServer$$anonfun$startup$3.apply(KafkaServer.scala:195)
>at scala.Option.map(Option.scala:146)
>at kafka.server.KafkaServer.startup(KafkaServer.scala:195)
>at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37)
>at kafka.Kafka$.main(Kafka.scala:67)
>at kafka.Kafka.main(Kafka.scala)
>
>Regards
>yuhuan.li
>
>[email protected]
>
>
>
>--
>Regards,
>Gautam.
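Added example, not part of the thread and not Ranger or Kafka project code: a small audit of a broker's `server.properties` that reports, for each listener, whether an authorizer on that channel can key policies on an authenticated principal or only on the client IP, which is the secure-plus-insecure-port setup discussed above. The sample properties, the ports and the helper names are constructed; it assumes Kafka 0.9-style `listeners` entries named after their security protocol, and treats SASL listeners and SSL with `ssl.client.auth=required` as authenticated.

```python
# Constructed sample (not from the thread): one insecure and one Kerberos
# listener on different ports, with the Ranger authorizer class enabled.
SAMPLE_PROPERTIES = """\
# server.properties (constructed sample)
listeners=PLAINTEXT://0.0.0.0:6667,SASL_PLAINTEXT://0.0.0.0:6668
authorizer.class.name=org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_listeners(text):
    """Return (protocol, port, identity) per listener.

    identity is 'principal' when clients on that channel are authenticated,
    'ip-only' when the broker sees an anonymous client and only the source
    address can distinguish callers in a policy.
    """
    props = parse_properties(text)
    client_auth = props.get("ssl.client.auth", "none").lower()
    results = []
    for entry in props.get("listeners", "").split(","):
        entry = entry.strip()
        if not entry:
            continue
        protocol, _, address = entry.partition("://")
        protocol = protocol.upper()
        port = int(address.rsplit(":", 1)[1])
        authenticated = protocol.startswith("SASL_") or (
            protocol == "SSL" and client_auth == "required")
        results.append((protocol, port, "principal" if authenticated else "ip-only"))
    return results

def authorizer_enabled(text):
    """True when authorizer.class.name is set to a non-empty value."""
    return bool(parse_properties(text).get("authorizer.class.name"))

if __name__ == "__main__":
    print("authorizer enabled:", authorizer_enabled(SAMPLE_PROPERTIES))
    for protocol, port, identity in audit_listeners(SAMPLE_PROPERTIES):
        print(f"{protocol:15} port {port:<6} policy key: {identity}")
```
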
