Updated on 2024-05-30 GMT+08:00

SASL/PLAINTEXT Authentication

This section applies to MRS 3.2.0 and later versions.

Scenario

Kafka supports SASL/PLAINTEXT authentication for clusters with Kerberos authentication enabled.

  1. Configure SASL/PLAINTEXT authentication on the Kafka server.

    1. Log in to FusionInsight Manager.
    2. Choose Cluster > Services > Kafka and choose Configurations > All Configurations. Search for sasl.enabled.mechanisms, change the value to GSSAPI,PLAIN, and click Save.
    3. Click Dashboard, click More, and select Restart Service to make the configuration take effect.

  2. Configure SASL/PLAINTEXT authentication on the Kafka client.

    On the Kafka client, you only need to configure jaas.conf dynamically and set the related authentication properties. For details, see the authentication sample code in Producer of the com.huawei.bigdata.kafka.example.security package.

    public static Properties initProperties() {
        ............
        // Select the SASL PLAIN mechanism for this client.
        props.put("sasl.mechanism", "PLAIN");
        // Dynamic JAAS configuration: PlainLoginModule with the user name and password.
        props.put("sasl.jaas.config", "org.apache.kafka.common.security.plain.PlainLoginModule required username=manager_user password=Password;");
        return props;
    }

    • manager_user is a human-machine user created on FusionInsight Manager and must have the production and consumption permissions for the topic that is being used.
    • Password is the password of manager_user.
      • If the open-source kafka-client JAR package is used, the special characters in the password can only be the dollar sign ($).
      • If the MRS kafka-client JAR package is used, the special characters in the password are those supported by FusionInsight Manager (for example, ~`!?,.;-_'(){}[]/<>@#$%^&*+|\=).
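
A pre-flight check for the password rules above, as an added example that is not part of the MRS sample code. The class name, method names and the KAFKA_PLAIN_PASSWORD environment variable are hypothetical, and the MRS character set is taken from the examples listed on this page, so it is assumed rather than exhaustive.

```java
import java.util.Properties;

// Added example; class and method names are hypothetical, not from the MRS samples.
public class PlainSaslConfig {
    // Special characters the page gives as examples for the MRS kafka-client JAR.
    static final String MRS_SPECIALS = "~`!?,.;-_'(){}[]/<>@#$%^&*+|\\=";
    // The page states that the open-source kafka-client JAR accepts only '$'.
    static final String OPEN_SOURCE_SPECIALS = "$";

    // Returns the index of the first unsupported character, or -1 if none.
    static int firstUnsupported(String password, boolean mrsClient) {
        String allowed = mrsClient ? MRS_SPECIALS : OPEN_SOURCE_SPECIALS;
        for (int i = 0; i < password.length(); i++) {
            char c = password.charAt(i);
            boolean alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            if (!alnum && allowed.indexOf(c) < 0) {
                return i;
            }
        }
        return -1;
    }

    // Builds only the two properties shown on the page; the elided ones are not set here.
    static Properties plainProperties(String user, String password, boolean mrsClient) {
        int pos = firstUnsupported(password, mrsClient);
        if (password.isEmpty() || pos >= 0) {
            // Report the position only, so the password never reaches logs.
            throw new IllegalArgumentException("password unusable with this kafka-client JAR (index " + pos + ")");
        }
        Properties props = new Properties();
        props.put("sasl.mechanism", "PLAIN");
        props.put("sasl.jaas.config", "org.apache.kafka.common.security.plain.PlainLoginModule required username="
                + user + " password=" + password + ";");
        return props;
    }

    public static void main(String[] args) {
        // KAFKA_PLAIN_PASSWORD is a hypothetical variable; the fallback is a constructed sample.
        String password = System.getenv().getOrDefault("KAFKA_PLAIN_PASSWORD", "Sample$Pass1");
        Properties props = plainProperties("manager_user", password, false);
        System.out.println("sasl.mechanism=" + props.getProperty("sasl.mechanism"));
        try {
            plainProperties("manager_user", "Sample#Pass1", false); // '#' is rejected for the open-source JAR
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

SASL PLAIN carries the password unencrypted inside the authentication exchange, so the connection itself should be protected with TLS (security.protocol set to SASL_SSL in Apache Kafka).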