SASL/SCRAM动态认证
配置SASL/PLAIN验证,实现了对Kafka的权限控制。但SASL/PLAIN验证有一个问题:只能在JAAS文件KafkaServer中配置用户,一但Kafka启动,无法动态新增用户。SASL/SCRAM验证可以动态新增用户并分配权限安装步骤.
初始化
①启动Zookeeper服务
[root@CentOS zookeeper-3.4.6]# ./bin/zkServer.sh start zoo.cfg
JMX enabled by default
Using config: /usr/zookeeper-3.4.6/bin/../conf/zoo.cfg
Starting zookeeper ... STARTED
②解压kafka安装包
③ 创建SCRAM证书
1、创建broker建通信用户:admin(在使用sasl之前必须先创建,否则启动报错)
[root@CentOS kafka_2.11-2.2.0]# ./bin/kafka-configs.sh --zookeeper CentOS:2181 --alter --add-config 'SCRAM-SHA-256=[password=admin-sec],SCRAM-SHA-512=[password=admin-sec]' --entity-type users --entity-name admin
Completed Updating config for entity: user-principal 'admin'.
2、创建生产用户:producer
[root@CentOS kafka_2.11-2.2.0]# ./bin/kafka-configs.sh --zookeeper CentOS:2181 --alter --add-config 'SCRAM-SHA-256=[password=producer-sec],SCRAM-SHA-512=[password=producer-sec]' --entity-type users --entity-name producer
Completed Updating config for entity: user-principal 'producer'.
3、创建生产用户:consumer
[root@CentOS kafka_2.11-2.2.0]# ./bin/kafka-configs.sh --zookeeper CentOS:2181 --alter --add-config 'SCRAM-SHA-256=[password=consumer-sec],SCRAM-SHA-512=[password=consumer-sec]' --entity-type users --entity-name consumer
Completed Updating config for entity: user-principal 'producer'.
4、查看SCRAM证书信息
- 查看所有用户证书
[root@CentOS kafka_2.11-2.2.0]# ./bin/kafka-configs.sh --zookeeper CentOS:2181 --describe --entity-type users
Configs for user-principal 'admin' are SCRAM-SHA-512=salt=eGNkNjYzZDJwN24xeTFtaXpic2d6dnY1ag==,stored_key=l4FUWp9mV5gjT2NQT0ehFoZ6xp2UVWo9uzdoqCMTkHwM/QeJLL18ox6Xj4hDe3RBb4nv/RjGsJgKkXHd+cURNg==,server_key=QMAjOMaLnrbzwyJwlXaPFK81HuIQzS9NJJGrQewKlpHO/7oq7Pc8BAxMApyGjv7THFpzcLiFarspyvPJeG1V2w==,iterations=4096,SCRAM-SHA-256=salt=N2FyaWdpenRiYzczeWUwdXpidGN5N2NlYQ==,stored_key=q1rarCTxAZgLT14da2BGoKJ+AR80rqkRSCCH6q+wNC8=,server_key=34mFNBMYr5S8xznga6/N7eWPB16fRgM/uXh1A7Mp9NU=,iterations=4096
Configs for user-principal 'producer' are SCRAM-SHA-512=salt=bTg2dmExaDlucGdrOTh0bGp3dzVleDJzNg==,stored_key=OIKvp1ZqEBYh6l6W6DAaVGoff7qpSQ6QW21TH2k8Flt5V3IpUXXAjq9zkE8M1QHB5dTDaIxudYpDsJrr5sdbgw==,server_key=s2tMQOEb7aR7fFpkGFmy/OOqsDqy/Os32JbCUj3Crd/bXwQsbez5Bp661bliQVze8db9cBNOnvWGrf3smDJQNg==,iterations=4096,SCRAM-SHA-256=salt=NWJpajRncXR2MW8wOW04NzNqanM0YTI0Yg==,stored_key=HamFB9o2XMNzDyNhCCkBfDo73rwF9spdM3joIui7nZY=,server_key