One option is to enable multiple listeners (PLAINTEXT, SASL_PLAINTEXT) on brokers and slowly migrate the clients/services.
On Wed, Sep 19, 2018 at 10:38 PM Ashwin Sinha <ashwin.si...@go-mmt.com> wrote: > Hi, > > We have tried setting up Kafka Authentication by SASL/PLAIN > <https://kafka.apache.org/10/documentation.html#security_sasl_plain> and > SASL/SCRAM > <https://kafka.apache.org/10/documentation.html#security_sasl_scram> (both > w/o SSL). We found that SASL/SCRAM is more convenient as we do not need to > restart Kafka/Zookeeper again and again on adding new credentials. > > Problem: if we enable cluster-wide authentication by adding broker > parameters > < > https://kafka.apache.org/10/documentation.html#security_sasl_scram_brokerconfig > > > then existing consumers will stop getting the data until they use > authentication > properties file > < > https://kafka.apache.org/10/documentation.html#security_sasl_scram_clientconfig > > > at their end. Is there any way/mode/config where we can start it as an > on-demand feature and slowly change to required(mandatory) feature? Because > this sudden change can affect many crucial services and jobs. > > -- > *Ashwin Sinha *| Data Engineer > ashwin.si...@go-mmt.com <shivam.sha...@go-mmt.com> | 9452075361 > <https://www.makemytrip.com/> <https://www.goibibo.com/> > <https://www.redbus.in/> > > -- > > > ::DISCLAIMER:: > > > > ---------------------------------------------------------------------------------------------------------------------------------------------------- > > > > > > This message is intended only for the use of the addressee and may > contain information that is privileged, confidential and exempt from > disclosure under applicable law. If the reader of this message is not the > intended recipient, or the employee or agent responsible for delivering > the > message to the intended recipient, you are hereby notified that any > dissemination, distribution or copying of this communication is strictly > prohibited. If you have received this e-mail in error, please notify us > immediately by return e-mail and delete this e-mail and all attachments > from your system. >
