Configuring Kafka Server with SASL authentication

  1. Specify the JVM parameter in kafka-run-class.bat/sh.

    set JAVA_OPTS=%JAVA_OPTS% -Djava.security.auth.login.config=/PATH/kafka_server_jaas.conf

    set COMMAND=%JAVA% %JAVA_OPTS% %KAFKA_HEAP_OPTS% %KAFKA_JVM_PERFORMANCE_OPTS% %KAFKA_JMX_OPTS% %KAFKA_LOG4J_OPTS% -cp "%CLASSPATH%" %KAFKA_OPTS% %*

    Sample jaas.config file:
    KafkaServer {
       org.apache.kafka.common.security.plain.PlainLoginModule required
       username="admin"
       password="admin-secret"
       user_admin="admin-secret"
       user_alice="alice-secret";
    };
    
    KafkaClient {
      org.apache.kafka.common.security.plain.PlainLoginModule required
      username="alice"
      password="alice-secret";
    };
    
  2. Update the following properties in the Kafka server properties file, KAFKA_SERVER/config/server.properties.
    listeners=SASL_PLAINTEXT://<KAFKA_HOST>:<KAFKA_PORT>
    security.inter.broker.protocol=SASL_PLAINTEXT
    sasl.mechanism.inter.broker.protocol=PLAIN
    sasl.enabled.mechanisms=PLAIN
    
  3. In the case of WebSphere Application Server
    Add the following configuration to <Websphere_Location>\profiles\<profileName>\properties\wsjaas.conf
    KafkaClient {
      org.apache.kafka.common.security.plain.PlainLoginModule required
      username="alice"
      password="alice-secret";
    };
  4. Once you've updated the JAAS configuration, ensure that WebSphere knows about it.
    Add the login configuration to the JVM as a custom property:
    • Open WebSphere Admin Console.
    • Go to Servers > Server Types > WebSphere application servers > Select your server > Java and Process Management > Process Definition > Java Virtual Machine > Custom Properties.
    • Add a new custom property:
      • Name: java.security.auth.login.config
      • Value: C:\path\to\your\kafka_client_jaas.conf
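
A consistency check for the broker files from steps 1 and 2, as an added example that is not part of the original page or of Kafka itself. In the KafkaServer section, username/password are the credentials the broker presents to other brokers and each user_<name> entry is an account it accepts, so the two must agree. The function names, the host name and the port are assumptions made for illustration.

```python
import re

# Constructed inputs that mirror the sample files on this page.
SAMPLE_JAAS = '''KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="admin-secret"
   user_admin="admin-secret"
   user_alice="alice-secret";
};'''
SAMPLE_PROPS = '''listeners=SASL_PLAINTEXT://broker1.example.internal:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN'''

def parse_jaas_section(text, section):
    """Return the options of one JAAS section as a {key: value} dict."""
    m = re.search(r'\b%s\s*\{(.*?)\}\s*;' % re.escape(section), text, re.S)
    if not m:
        raise ValueError("JAAS section %s not found" % section)
    return dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', m.group(1)))

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    lines = [l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def audit(jaas_text, props_text):
    """Return a list of findings for a SASL/PLAIN broker configuration."""
    opts = parse_jaas_section(jaas_text, "KafkaServer")
    props = parse_properties(props_text)
    findings = []
    # user_<name>="<password>" entries are the accounts the broker accepts.
    accepted = {k[5:]: v for k, v in opts.items() if k.startswith("user_")}
    # username/password are what this broker presents to other brokers.
    broker_user = opts.get("username")
    if broker_user not in accepted:
        findings.append("inter-broker user has no user_<name> entry")
    elif accepted[broker_user] != opts.get("password"):
        findings.append("inter-broker password does not match its user_ entry")
    mechs = [m.strip() for m in props.get("sasl.enabled.mechanisms", "").split(",")]
    if props.get("sasl.mechanism.inter.broker.protocol") not in mechs:
        findings.append("inter-broker mechanism not in sasl.enabled.mechanisms")
    if "PLAIN" in mechs and "SASL_PLAINTEXT://" in props.get("listeners", ""):
        findings.append("PLAIN over SASL_PLAINTEXT sends passwords unencrypted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_JAAS, SAMPLE_PROPS):
        print("FINDING:", finding)
```

Run against the page's sample files, the only finding is the unencrypted transport: the SASL_PLAINTEXT listener carries the PLAIN user name and password without TLS.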