KAFKA-9486

Kafka Security

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      My use case is to set up different protocols for inter-broker communication and producer/consumer-to-broker communication.

      Hence I have the broker configuration below:

      "zookeeper.sasl.enabled": false
      # Disable hostname verification, default is https.
      "ssl.endpoint.identification.algorithm":
      "inter.broker.listener.name": PLAINTEXT
      "listener.name.external.sasl.enabled.mechanisms": OAUTHBEARER
      "listener.name.external.oauthbearer.sasl.login.callback.handler.class": oracle.insight.common.kafka.security.OAuthBearerSignedLoginCallbackHandler
      "listener.name.external.oauthbearer.sasl.server.callback.handler.class": oracle.insight.common.kafka.security.OAuthBearerSignedValidatorCallbackHandler
      "listener.security.protocol.map": PLAINTEXT:PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
      "listener.name.external.oauthbearer.sasl.jaas.config": org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required signedLoginStringClaim_ocid=insightAdmin signedLoginKeyServiceClass=oracle.insight.common.security.SMSKeyService signedValidatorKeyServiceClass=oracle.insight.common.security.SMSKeyService;
      "advertised.listeners": EXTERNAL://kafka-$((${KAFKA_BROKER_ID})).mydomain:$((${KAFKA_OUTSIDE_PORT} + ${KAFKA_BROKER_ID}))

      With this I always get:

      [2020-01-30 17:23:55,228] INFO [SocketServer brokerId=0] Failed authentication with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
      [2020-01-30 17:23:55,633] INFO [SocketServer brokerId=0] Failed authentication with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
      [2020-01-30 17:23:55,989] INFO [SocketServer brokerId=0] Failed authentication with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)

      From the logs it looks like inter-broker communication is happening via SASL even though I set it to PLAINTEXT:

      "inter.broker.listener.name": PLAINTEXT

      Please guide me on what needs to be done to resolve this issue. Am I using the right set of configuration, or is any config missing?

      Thanks,

      Robin Kuttaiah
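
Added example (not part of the original report and not Kafka's own code): a small Python check that resolves each listener name in the configuration above to its security protocol and reports mismatches between `inter.broker.listener.name`, `listener.security.protocol.map` and `advertised.listeners`, plus listeners that run without TLS. The host and port in `advertised.listeners` are constructed stand-ins for the shell expressions in the report, and the function names are this example's own.

```python
# Added example: consistency check over the listener settings quoted in the report.
# Keys and values come from the report; host:port is a constructed stand-in for
# the shell arithmetic in the original advertised.listeners value.
BROKER_CONFIG = {
    "inter.broker.listener.name": "PLAINTEXT",
    "listener.security.protocol.map": "PLAINTEXT:PLAINTEXT,EXTERNAL:SASL_PLAINTEXT",
    "listener.name.external.sasl.enabled.mechanisms": "OAUTHBEARER",
    "advertised.listeners": "EXTERNAL://kafka-0.mydomain:9092",
}

UNENCRYPTED = {
    "PLAINTEXT": "no authentication and no encryption",
    "SASL_PLAINTEXT": "SASL exchange and data are sent without TLS",
}


def protocol_map(cfg):
    """Parse listener.security.protocol.map into {LISTENER: PROTOCOL}."""
    entries = [e for e in cfg.get("listener.security.protocol.map", "").split(",") if ":" in e]
    return {n.strip().upper(): p.strip().upper() for n, p in (e.split(":", 1) for e in entries)}


def advertised_names(cfg):
    """Listener names from advertised.listeners (NAME://host:port,...)."""
    value = cfg.get("advertised.listeners", "")
    return [e.split("://", 1)[0].strip().upper() for e in value.split(",") if e.strip()]


def check_listeners(cfg):
    """Return human-readable findings; an empty list means no mismatch was found."""
    findings = []
    pmap, advertised = protocol_map(cfg), advertised_names(cfg)
    inter = cfg.get("inter.broker.listener.name", "").upper()
    if inter and inter not in pmap:
        findings.append(f"{inter}: inter-broker listener missing from protocol map")
    if inter and inter not in advertised:
        findings.append(f"{inter}: inter-broker listener missing from advertised.listeners")
    for name, proto in pmap.items():
        if proto in UNENCRYPTED:
            findings.append(f"{name}: {proto} ({UNENCRYPTED[proto]})")
    for key in cfg:  # per-listener overrides must name a mapped listener
        if key.startswith("listener.name."):
            name = key.split(".")[2].upper()
            if name not in pmap:
                findings.append(f"{name}: '{key}' refers to an unmapped listener")
    return findings


if __name__ == "__main__":
    for finding in check_listeners(BROKER_CONFIG):
        print(finding)
```
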

            People

            • Assignee:
              Unassigned
              Reporter:
              RobinKuttaiah Kuttaiah
            • Votes:
              0
              Watchers:
              2
