Updated on 2025-04-15 GMT+08:00

SASL/PLAINTEXT Authentication

Scenario

Kafka supports SASL/PLAINTEXT authentication for clusters with Kerberos authentication enabled.

Constraints

This section applies to MRS 3.2.0 and later versions.

If the current cluster version is MRS 3.2.0-LTS.1, ensure that MRS 3.2.0-LTS.1.5 or a later patch has been installed on the cluster.

Procedure

  1. Configure SASL/PLAINTEXT authentication on the Kafka server.

    1. Log in to FusionInsight Manager.
    2. Choose Cluster > Services > Kafka and choose Configurations > All Configurations. Search for sasl.enabled.mechanisms, change the value to GSSAPI,PLAIN, and click Save.
    3. Click Dashboard, click More, and select Restart Service to make the configuration take effect.

  1. Configure SASL/PLAINTEXT authentication on the Kafka client.

    You only need to configure dynamic jaas.conf and set related authentication attributes on the Kafka client. For details, see the authentication sample code in Producer of the com.huawei.bigdata.kafka.example.security package.
    public static Properties initProperties() {
        ............
        props.put("sasl.mechanism", "PLAIN");
        props.put("sasl.jaas.config","org.apache.kafka.common.security.plain.PlainLoginModule required username=manager_user password=Password;");
    }
    • manager_user is a human-machine user created on FusionInsight Manager and must have the production and consumption permissions for the topic that is being used.
    • Password is the password of manager_user.