I am exploring the security capabilities of Kafka 0.9.1 but am unable to use them successfully.

I have set the configuration below in my server.properties:

allow.everyone.if.no.acl.found=false
super.users=User:root;User:kafka

I created an ACL using the command below:

./kafka-acls.sh --authorizer-properties zookeeper.connect= --add --allow-principal User:imit --allow-host --topic imit --producer --consumer --group imit-consumer-group

and I see the response below for it:

Current ACLs for resource Topic:imit:
User:imit has Allow permission for operations: Describe from hosts:
User:imit has Allow permission for operations: Read from hosts:
User:imit has Allow permission for operations: Write from hosts:

Note: Values mentioned in <> are replaced with dummy values in the question and were used correctly while creating the ACL.

I have the following observations:

a) Though I defined the rule for the imit topic to grant access to a particular user from a given host, I can still write to the topic from any host using any user account.

b) I am unable to read messages from the topic from any host or any user account (even using the one for which I have defined the rules).

I am running Kafka on RHEL 6.7 and all the users are local.

I would appreciate it if someone could advise whether I am missing any configuration parameters or commands to manage authorization, or whether Kafka is behaving in a weird way.

Also, where can I get authorization-related logs in Kafka?

Thanks & Regards,

Sudeep

1 Answer

You are probably missing the setting below in your server.properties.

authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer

-- Adding this line would enable the ACL to work via SimpleAclAuthorizer.
-- Kafka by default comes with kafka.security.auth.SimpleAclAuthorizer, defined by the parameter authorizer.class.name.

You can try the setup below, which might give a complete idea.

https://github.com/Symantec/kafka-security-0.9
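The broker-side configuration the question and answer add up to, as an added example (not taken from the original post or from the linked project). The log4j lines assume Kafka's shipped config/log4j.properties, which already defines the authorizerAppender; the PLAINTEXT note is a general Kafka fact, not something the post states.

```properties
# --- server.properties: broker-side authorization (constructed example) ---

# Without this line no authorizer is loaded at all, so the two settings
# below are never consulted and every client can read and write every topic,
# which matches observation (a) in the question.
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer

# Deny access to any resource that has no ACL (setting from the question).
allow.everyone.if.no.acl.found=false

# Super users bypass every ACL check; keep this list as short as possible.
super.users=User:root;User:kafka

# Caveat: an ACL granted to User:imit only matches an authenticated client.
# On a PLAINTEXT listener every client arrives as User:ANONYMOUS, so a
# user-specific ACL never applies; an SSL or SASL listener is needed for the
# principal seen by the authorizer to be the one named in the ACL.

# --- log4j.properties: where authorization decisions are logged ---
# The kafka.authorizer.logger is routed to kafka-authorizer.log in the broker's
# log directory. Raising it from the default WARN to DEBUG records each
# allow/deny decision with principal, host, operation and resource, which is
# the quickest way to see why a read is denied (observation (b)).
log4j.logger.kafka.authorizer.logger=DEBUG, authorizerAppender
log4j.additivity.kafka.authorizer.logger=false
```

Restart the broker after changing server.properties; the authorizer is only instantiated at startup.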