Setting up Kafka SASL_PLAINTEXT/SCRAM user authentication

1. Broker configuration

############################# SASL ###########################
sasl.enabled.mechanisms=SCRAM-SHA-256
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256
security.inter.broker.protocol=SASL_PLAINTEXT
listeners=SASL_PLAINTEXT://10.4.4.61:9092
advertised.listeners=SASL_PLAINTEXT://10.4.4.61:9092
############################# ACL ############################
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:admin

2. Create kafka-broker-scram.jaas

KafkaServer {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="admin"
password="admin";
};

3. Specify the location of kafka-broker-scram.jaas

Edit kafka-server-start.sh (vim kafka-server-start.sh):

exec $base_dir/kafka-run-class.sh $EXTRA_ARGS -Djava.security.auth.login.config=/opt/local/kafka/config/kafka-broker-scram.jaas kafka.Kafka "$@"

4. Add producer and consumer configuration files

producer-scram.conf and consumer-scram.conf

security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-256
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="test" password="123456";

5. Authorization

# Add the admin user
./bin/kafka-configs.sh --zookeeper 10.4.4.61:2181 --alter --add-config 'SCRAM-SHA-256=[password=admin]' --entity-type users --entity-name admin
# Create a topic as the admin user
# 1. Create the file auth.conf; cat config/auth.conf
security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-256
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="admin";
# 2. Run the command
# (kafka-topics.sh uses --command-config only together with --bootstrap-server)
./bin/kafka-topics.sh --create --zookeeper 10.4.4.61:2181 --replication-factor 1 --partitions 3 --topic test --command-config config/auth.conf
# Add the test user
./bin/kafka-configs.sh --zookeeper 10.4.4.61:2181 --alter --add-config 'SCRAM-SHA-256=[password=123456]' --entity-type users --entity-name test
# Read permission
./bin/kafka-acls.sh --authorizer-properties zookeeper.connect=10.4.4.61:2181 --add --allow-principal User:"test" --consumer --topic 'test' --group '*'
# Write permission
./bin/kafka-acls.sh --authorizer-properties zookeeper.connect=10.4.4.61:2181 --add --allow-principal User:"test" --producer --topic 'test'
# Produce messages
./bin/kafka-console-producer.sh --broker-list 10.4.4.61:9092 --topic test --producer.config config/producer-scram.conf
# Consume messages
./bin/kafka-console-consumer.sh --bootstrap-server 10.4.4.61:9092 --topic test --consumer.config config/consumer-scram.conf
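
What the `--add-config 'SCRAM-SHA-256=[password=...]'` commands in step 5 leave on the server side, and how a login is checked against it, following RFC 5802. This is an added example, not code from the original post: the salt, nonces, `AUTH_MESSAGE` and the `render` layout are constructed for illustration, and SASLprep is skipped, so it only handles ASCII passwords.

```python
import base64, hashlib, hmac

def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _salted(password: str, salt: bytes, iterations: int) -> bytes:
    # SaltedPassword = PBKDF2-HMAC-SHA256(password, salt, i); SASLprep omitted (assumption)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def make_credential(password: str, salt: bytes, iterations: int = 4096) -> dict:
    """Values the server keeps for a SCRAM user: derived keys, never the password."""
    salted = _salted(password, salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.sha256(client_key).digest(),
            "server_key": _hmac(salted, b"Server Key")}

def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage), computed by the client."""
    client_key = _hmac(_salted(password, salt, iterations), b"Client Key")
    signature = _hmac(hashlib.sha256(client_key).digest(), auth_message)
    return bytes(a ^ b for a, b in zip(client_key, signature))

def server_verify(cred: dict, proof: bytes, auth_message: bytes) -> bool:
    """Server recovers ClientKey from the proof and checks H(ClientKey) == StoredKey."""
    signature = _hmac(cred["stored_key"], auth_message)
    recovered = bytes(a ^ b for a, b in zip(proof, signature))
    return hmac.compare_digest(hashlib.sha256(recovered).digest(), cred["stored_key"])

def render(cred: dict) -> str:
    # Illustrative key=value layout for the stored credential
    b64 = lambda b: base64.b64encode(b).decode()
    return (f"salt={b64(cred['salt'])},stored_key={b64(cred['stored_key'])},"
            f"server_key={b64(cred['server_key'])},iterations={cred['iterations']}")

# Constructed sample values (not captured from a real broker)
SALT = bytes(range(16))
AUTH_MESSAGE = (b"n=test,r=clientnonce,"
                b"r=clientnonceservernonce,s=AAECAwQFBgcICQoLDA0ODw==,i=4096,"
                b"c=biws,r=clientnonceservernonce")

if __name__ == "__main__":
    cred = make_credential("123456", SALT)
    print(render(cred))
    good = client_proof("123456", SALT, 4096, AUTH_MESSAGE)
    bad = client_proof("12345", SALT, 4096, AUTH_MESSAGE)
    print(server_verify(cred, good, AUTH_MESSAGE), server_verify(cred, bad, AUTH_MESSAGE))
```

SCRAM keeps the password itself off the wire, but with SASL_PLAINTEXT the rest of the session, including message contents, is still unencrypted.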
