SASL Tutorial
Introduction to SASL
SASL (Simple Authentication and Security Layer) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, enabling the use of various authentication methods without changing the application layer.
What is SASL in Kafka?
In Kafka, SASL is used to authenticate clients to brokers. It supports multiple mechanisms such as PLAIN, SCRAM, GSSAPI (Kerberos), OAUTHBEARER, and more. SASL in Kafka ensures that only authenticated clients can produce or consume messages.
Setting Up SASL in Kafka
Let's go through the steps to set up SASL authentication in Kafka:
1. Configure Kafka Broker
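First, we need to configure the Kafka broker to support SASL. Edit the server.properties file and add the following configurations:
# SASL_PLAINTEXT authenticates clients but does not encrypt traffic, so PLAIN
# passwords cross the network in cleartext. Use SASL_SSL outside a test setup.
listeners=SASL_PLAINTEXT://:9092
advertised.listeners=SASL_PLAINTEXT://your.kafka.broker:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
# username/password: credentials this broker uses for inter-broker connections.
# user_<name>="<password>": accounts the broker accepts from clients.
listener.name.sasl_plaintext.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
    username="admin" \
    password="admin-secret" \
    user_admin="admin-secret" \
    user_alice="alice-secret";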
2. Configure Kafka Client
The Kafka client also needs to be configured to use SASL. Create a sasl_client.properties file with the following content:
sasl.mechanism=PLAIN
security.protocol=SASL_PLAINTEXT
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
    username="alice" \
    password="alice-secret";
3. Run Kafka with SASL
After configuring the broker and client, start the Kafka broker and try producing and consuming messages using the configured client properties.
To start the Kafka broker:
bin/kafka-server-start.sh config/server.properties
To produce messages:
bin/kafka-console-producer.sh --broker-list your.kafka.broker:9092 --topic test-topic --producer.config sasl_client.properties
To consume messages:
bin/kafka-console-consumer.sh --bootstrap-server your.kafka.broker:9092 --topic test-topic --from-beginning --consumer.config sasl_client.properties
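The following check is an added example, not part of the original tutorial or of Kafka itself: it parses a properties file like the ones in steps 1 and 2, flags the PLAIN mechanism on an unencrypted SASL_PLAINTEXT listener, and lists which JAAS entries hold inline passwords without printing their values. The function names and finding labels are hypothetical, the sample input is constructed from step 1, and the check assumes listener names match their security protocol, as they do in this tutorial.

```python
import re

PROTOCOL_KEYS = ("security.protocol", "security.inter.broker.protocol",
                 "listeners", "advertised.listeners")
MECHANISM_KEYS = ("sasl.mechanism", "sasl.enabled.mechanisms",
                  "sasl.mechanism.inter.broker.protocol")
JAAS_SECRET = re.compile(r'\b(password|user_\w+)="[^"]*"')

# Constructed sample input: broker settings in the style of step 1.
SAMPLE_BROKER = r'''
sasl.enabled.mechanisms=PLAIN
advertised.listeners=SASL_PLAINTEXT://your.kafka.broker:9092
listener.name.sasl_plaintext.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
    username="admin" \
    password="admin-secret" \
    user_admin="admin-secret" \
    user_alice="alice-secret";
'''

def parse_properties(text):
    """Parse .properties text, joining backslash-continued lines."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(("#", "!")):
            continue
        if line.endswith("\\"):
            pending = line[:-1]  # drop the backslash, keep reading
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (finding_id, detail) pairs; secret values are never echoed."""
    findings = []
    protocols = " ".join(props.get(k, "") for k in PROTOCOL_KEYS).upper()
    mechanisms = {m.strip().upper() for k in MECHANISM_KEYS
                  for m in props.get(k, "").split(",") if m.strip()}
    if "SASL_PLAINTEXT" in protocols and "PLAIN" in mechanisms:
        findings.append(("cleartext-plain",
                         "PLAIN over SASL_PLAINTEXT is unencrypted; use SASL_SSL"))
    for key, value in props.items():
        if key.endswith("sasl.jaas.config"):
            names = sorted(set(JAAS_SECRET.findall(value)))
            if names:
                findings.append(("inline-secret", f"{key}: {', '.join(names)}"))
    return findings
```

Calling audit(parse_properties(SAMPLE_BROKER)) reports both findings for the tutorial's broker settings; switching the listener to SASL_SSL clears the first, while the inline passwords remain flagged until they are moved out of the file.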
Conclusion
Setting up SASL in Kafka provides an additional layer of security by ensuring that only authenticated clients can interact with the Kafka brokers. By following the steps outlined in this tutorial, you should be able to configure SASL authentication in your Kafka setup.