堆栈内存溢出
  简体   繁体   English

与 kafka 或其他框架一起使用时是否存在 JAAS / SASL / PLAIN / SCRAM 的安全架构图?

[英]Does a Security architecuture Diagram of JAAS / SASL / PLAIN / SCRAM when used with kafka or other frameworks exists?

 原文  2021-06-12 08:10:19       apache-kafka/ jaas/ java-security/ sasl

问题描述

I am not an expert but am aware of the auth mechanism that works commonly with kafka.我不是专家,但我知道通常与 kafka 一起使用的身份验证机制。 Common usecases/implementations for kafka use SASL Plain or SASL SCRAM ie kafka 的常见用例/实现使用 SASL Plain 或 SASL SCRAM 即
security.protocol=SASL_SSL or security.protocol=SASL_PLAINTEXT (Not recommended for PLAIN mechanism) security.protocol=SASL_SSLsecurity.protocol=SASL_PLAINTEXT (不推荐用于 PLAIN 机制)
and
sasl.mechanism=SCRAM-SHA-256 or 512 or sasl.mechanism=PLAIN (not recommended any more). sasl.mechanism=SCRAM-SHA-256或 512 或sasl.mechanism=PLAIN (不再推荐)。

then I see JAAS configuration as below -然后我看到 JAAS 配置如下 -
sasl.jaas.config = org.apache.kafka.common.security.scram.ScramLoginModule required username password

What I don't get in the picture is how JAAS fits in the client and server architecture.我没有在图片中看到 JAAS 如何适合客户端和服务器架构。 Is there an architecture diagram that i can refer to to get the bigger picture.有没有我可以参考的架构图来获得更大的图景。 I have searched over google for security architecture for kafka and how JAAS fit's in to it, but had no luck.我已经在谷歌上搜索了 kafka 的安全架构以及 JAAS 如何适合它,但没有运气。
Could some one help.有人能帮忙吗。

1 个解决方案

解决方案1
 0  2021-06-12 12:01:54

You are setting the jaas file as a java argument in the KAFKA_OPTS or in the client properties您在 KAFKA_OPTS 或客户端属性中将 jaas 文件设置为 java 参数

export KAFKA_OPTS="-Djava.security.auth.login.config=/etc/kafka/client_jaas.conf"导出 KAFKA_OPTS="-Djava.security.auth.login.config=/etc/kafka/client_jaas.conf"

Using KafkaClient {}使用 KafkaClient {}

Or using the client configuration或者使用客户端配置

sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule 需要
username="user"用户名="用户"
password="psw";密码="psw";

https://docs.confluent.io/platform/current/kafka/authentication_sasl/index.html https://docs.confluent.io/platform/current/kafka/authentication_sasl/index.html

Or if you are using java spring framework check this documentation或者,如果您使用 java spring 框架,请查看此文档

https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/jaas.html https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/jaas.html

Jaas is the file/configuration which contains the applicative user information which authenticate to the kafka cluster Jaas 是文件/配置,其中包含向 kafka 集群进行身份验证的应用用户信息

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 带有 SSL 选项的 Kafka SASL/Plain 和带有 SSL 的 Kafka SASL/Scram - Kafka SASL/Plain with SSL options and Kafka SASL/Scram with SSL Kafka Security 实现问题 SASL SSL 和 SCRAM - Kafka Security implementation issue SASL SSL and SCRAM kafka SASL_PLAIN SCRAM 在 spring 引导消费者中失败 - kafka SASL_PLAIN SCRAM is fail in spring boot consumer 将 JAAS 配置传递给 bitnami/kafka helm chart for SASL/PLAIN - Passing JAAS config to bitnami/kafka helm chart for SASL/PLAIN kafka SASL/SCRAM 身份验证失败 - kafka SASL/SCRAM Failed authentication 使用 SASL/PLAIN 设置 kafka 安全集群 - Setup kafka security cluster with SASL/PLAIN 带有 SASL-SSL-security-protocol (SCRAM-SHA-512) 的 Mule 4 Kafka 连接器 - Mule 4 Kafka connector with SASL-SSL-security-protocol (SCRAM-SHA-512) kafka-python:使用 SASL_SSL + SCRAM-SHA-512 时在接收期间重置连接 - kafka-python: Connection reset during recv when using SASL_SSL + SCRAM-SHA-512 如何在Java中使用sasl机制PLAIN和安全协议SASL_SSL配置kafka使用者? - How to configure kafka consumer with sasl mechanism PLAIN and with security protocol SASL_SSL in java? Zookeeper和Kafka具有SASL安全性 - Zookeeper and Kafka with SASL security
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM