Yes, I followed those steps for setting up SSL based authentication. ok, If I understand correclty, the subject name of the client cert is what I need to use when running kafka-acls script to add acls on topic. Those will be validated against the client cert trustore/keystore locations specified through java client for producers and cnsumers.
Is that correct? Thanks Sri On Wed, Apr 20, 2016 at 9:29 AM, Tom Crayford <tcrayf...@heroku.com> wrote: > Yes: http://kafka.apache.org/documentation.html#security_ssl > > On Wed, Apr 20, 2016 at 2:29 PM, Srividhya Shanmugam < > srivishanmu...@gmail.com> wrote: > > > Thanks Tom. Should the custom client cert be generated and signed by CA > in > > all brokers? Is there an example or more documentation on this? > > Sri > > > > On Wed, Apr 20, 2016 at 9:14 AM, Tom Crayford <tcrayf...@heroku.com> > > wrote: > > > > > Hi Sri, > > > > > > You can configure ACLs by using SSL client authentication with a custom > > > client cert - the subject of the client cert will be used as the ACL > > user. > > > > > > Thanks > > > Tom > > > > > > On Wed, Apr 20, 2016 at 2:12 PM, Srividhya Shanmugam < > > > srivishanmu...@gmail.com> wrote: > > > > > > > Kafka Team, > > > > > > > > I am trying to integrate kafka security. I was able to authenticate > > using > > > > SSL(TLS) with a single broker/client and a two node set up. I started > > > > reading about ACLs and my understanding is ACLs can be configured > with > > > > kerberos principals. > > > > > > > > Is there a way ACLs can be configured with custom non kerberos > > > principals? > > > > Would that require implementing a custom ACL authorizer? > > > > > > > > Thanks, > > > > Sri > > > > > > > > > >
