Skip to content

Commit d1a1cd6

Browse files
mroiter-larusmroiter-larus
authored
Fixes #321: Add section in documentation for JAAS_Plain configuration (#323)
1 parent 581f254 commit d1a1cd6

File tree

1 file changed

+44
-1
lines changed

1 file changed

+44
-1
lines changed

doc/asciidoc/kafka-ssl/index.adoc

Lines changed: 44 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -151,4 +151,47 @@ security.protocol=SSL
151151
ssl.truststore.location=/home/kafka/security/kafka.client.truststore.jks
152152
ssl.truststore.password=neo4jpassword
153153
ssl.endpoint.identification.algorithm=
154-
----
154+
----
155+
156+
=== Authentication with SASL
157+
158+
You can configure JAAS by providing a JAAS configuration file. To do this, connect to your Kafka server and modify the
159+
`config/server.properties` file. This configuration worked in general, but other configurations without the EXTERNAL
160+
and INTERNAL settings should works as well.
161+
162+
This configuration, for example, is for Kafka on AWS but should work for other configurations.
163+
164+
[source, properties]
165+
----
166+
listeners=EXTERNAL://0.0.0.0:9092,INTERNAL://0.0.0.0:9093,CLIENT://0.0.0.0:9094
167+
listener.security.protocol.map=EXTERNAL:SASL_PLAINTEXT,INTERNAL:PLAINTEXT,CLIENT:SASL_PLAINTEXT
168+
169+
advertised.listeners=EXTERNAL://18.188.84.xxx:9092,INTERNAL://172.31.43.xxx:9093,CLIENT://18.188.84.xxx:9094
170+
171+
zookeeper.connect=18.188.84.xxx:2181
172+
173+
sasl.mechanism.inter.broker.protocol=PLAIN
174+
sasl.enabled.mechanisms=PLAIN
175+
inter.broker.listener.name=INTERNAL
176+
----
177+
178+
On the Neo4j side the following is required. Please consider that in this case, we are connecting to the public
179+
AWS IP address.
180+
181+
. Copy the contents of `~/kafka/conf/kafka_jaas.conf` on your Kafka server and save it to a file on your Neo4j server
182+
(i.e ~/conf/kafka_client_jaas.conf)
183+
184+
. In *neo4j.conf*, add the following:
185+
186+
+
187+
[source, properties]
188+
----
189+
dbms.jvm.additional=-Djava.security.auth.login.config=/Users/davidfauth/neo4j-enterprise-4.0.4_kafka/conf/kafka_client_jaas.conf
190+
kafka.security.protocol=SASL_PLAINTEXT
191+
kafka.sasl.mechanism=PLAIN
192+
----
193+
194+
For more information, please consult the official Confluent documentation at the following links:
195+
196+
* https://docs.confluent.io/2.0.0/kafka/sasl.html#authentication-using-sasl
197+
* https://docs.confluent.io/2.0.0/kafka/sasl.html#configuring-kafka-clients

0 commit comments

Comments
 (0)