[
https://issues.apache.org/jira/browse/KAFKA-8552?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16927233#comment-16927233
]
Liu edited comment on KAFKA-8552 at 9/11/19 4:44 AM:
-----------------------------------------------------
I've been working on this recently, and I have an idea. Under the Scram
mechanism, I mainly want to control other people add users and add permissions,
so I will be in the /config/users and /kafka-acl under the two paths add
digest authentication, part of the Java code is as follows:
kafkaZkClient.currentZooKeeper().addAuthInfo("digest", "bog:bog".getBytes());
AdminZkClient adminZkClient = new AdminZkClient(kafkaZkClient);
adminZkClient.changeConfigs(ConfigType.User(), name, configPro);
was (Author: boge):
I've been working on this recently, and I have an idea. Under the Scram
mechanism, I mainly want to control other people add users and add permissions,
so I will be in the/config/users/kafka - and acl under the two paths and digest
authentication, part of the Java code is as follows:
kafkaZkClient.currentZooKeeper().addAuthInfo("digest", "bog:bog".getBytes());
AdminZkClient adminZkClient = new AdminZkClient(kafkaZkClient);
adminZkClient.changeConfigs(ConfigType.User(), name, configPro);
> Use SASL authentication in ConfigCommand for connection to zookeeper
> --------------------------------------------------------------------
>
> Key: KAFKA-8552
> URL: https://issues.apache.org/jira/browse/KAFKA-8552
> Project: Kafka
> Issue Type: Improvement
> Components: zkclient
> Affects Versions: 2.2.1
> Reporter: Tim Lansbergen
> Priority: Minor
> Attachments: image (1).png, image.png
>
>
> Currently we are using the kafka-configs script to create SCRAM users in
> zookeeper. I execute the following command on the machine:
> *./kafka-configs --zookeeper _ip-adres_:2181 --alter --add-config
> 'SCRAM-SHA-256=[password=password]' --entity-type users --entity-name user123*
> I would like to create users dynamically via a Java api. Since it is not
> possible to create SCRAM users via the KafkaAdminApi (please confirm?), I am
> now using the Kafka Scala class 'AdminZkClient' to create users the same as
> way as the ConfigCommand currently does. It looks like the AdminZkClient
> doesn't provide a way to authenticate against zookeeper using SASL. I'm
> currently connecting to zookeeper without authentication and this is a
> security issue. Is it possible to connect with the AdminZkClient with SASL
> authentication?
> I'm aware of issue KAFKA-5722 which is an improvement to use the AdminClient
> in the ConfigCommand class so this issue might be a duplicate but I would
> like to know if it is possible to authenticate using SASL with the
> AdminZkClient.
> Thanks!
>
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
