Configuring Kafka Server with SASL authentication

  1. Specify JVM parameter in kafka-run-class.bat/sh.

    set JAVA_OPTS=%JAVA_OPTS%

    -Djava.security.auth.login.config=/PATH/kafka_server_jaas.conf

    set COMMAND=%JAVA% %JAVA_OPTS% %KAFKA_HEAP_OPTS%

    %KAFKA_JVM_PERFORMANCE_OPTS% %KAFKA_JMX_OPTS% %KAFKA_LOG4J_OPTS% -cp

    "%CLASSPATH%" %KAFKA_OPTS% %*

    Sample jaas.config file:
    KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="admin-secret"
   user_admin="admin-secret"
   user_alice="alice-secret";
};

    KafkaClient {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="alice"
  password="alice-secret";
};
  2. Update the following Kafka server properties file from KAFKA_SERVER/config/server.properties.
    listeners=SASL_PLAINTEXT:// <KAFKA_HOST>:<KAFKA_PORT> 
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN