Thanks again. That clarified the question. On Wed, Apr 20, 2016 at 9:55 AM, Tom Crayford <tcrayf...@heroku.com> wrote:
> Yes > > On Wed, Apr 20, 2016 at 2:52 PM, Srividhya Shanmugam < > srivishanmu...@gmail.com> wrote: > > > Yes, I followed those steps for setting up SSL based authentication. ok, > If > > I understand correclty, the subject name of the client cert is what I > need > > to use when running kafka-acls script to add acls on topic. > > Those will be validated against the client cert trustore/keystore > locations > > specified through java client for producers and cnsumers. > > > > Is that correct? > > > > Thanks > > Sri > > > > > > On Wed, Apr 20, 2016 at 9:29 AM, Tom Crayford <tcrayf...@heroku.com> > > wrote: > > > > > Yes: http://kafka.apache.org/documentation.html#security_ssl > > > > > > On Wed, Apr 20, 2016 at 2:29 PM, Srividhya Shanmugam < > > > srivishanmu...@gmail.com> wrote: > > > > > > > Thanks Tom. Should the custom client cert be generated and signed by > CA > > > in > > > > all brokers? Is there an example or more documentation on this? > > > > Sri > > > > > > > > On Wed, Apr 20, 2016 at 9:14 AM, Tom Crayford <tcrayf...@heroku.com> > > > > wrote: > > > > > > > > > Hi Sri, > > > > > > > > > > You can configure ACLs by using SSL client authentication with a > > custom > > > > > client cert - the subject of the client cert will be used as the > ACL > > > > user. > > > > > > > > > > Thanks > > > > > Tom > > > > > > > > > > On Wed, Apr 20, 2016 at 2:12 PM, Srividhya Shanmugam < > > > > > srivishanmu...@gmail.com> wrote: > > > > > > > > > > > Kafka Team, > > > > > > > > > > > > I am trying to integrate kafka security. I was able to > authenticate > > > > using > > > > > > SSL(TLS) with a single broker/client and a two node set up. I > > started > > > > > > reading about ACLs and my understanding is ACLs can be configured > > > with > > > > > > kerberos principals. > > > > > > > > > > > > Is there a way ACLs can be configured with custom non kerberos > > > > > principals? > > > > > > Would that require implementing a custom ACL authorizer? > > > > > > > > > > > > Thanks, > > > > > > Sri > > > > > > > > > > > > > > > > > > > > >