1
votes

Kafka already provides different SASL authentication mechanisms such as GSSAPI (Kerberos), PLAIN, SCRAM-SHA-256, SCRAM-SHA-512 and OAUTHBEARER.

What is the best authentication mechanism in the above list for a production environment?

1 Answer

3
votes

There is no "best" authentication mechanism. You need to pick the one that satisfies your requirements and that integrates with your existing infrastructure (if you want to!).

For example, PLAIN requires you to use TLS (otherwise credentials will be exchanged in the clear) but easily integrates into LDAP.

On the other hand, if you already have a Kerberos deployment, then using GSSAPI might make sense.

If some of your clients cannot use TLS, SCRAM might be an alternative as it ensures no credentials are exchanged in the clear.

That said, all of them can be used in production if correctly configured. The choice is for you to pick the one that works the best for your deployment.
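
The mechanism and transport pairing discussed in the answer above can be checked mechanically. The following is an added example, not part of the original answer: a small auditor for Kafka client properties that flags PLAIN or OAUTHBEARER on `SASL_PLAINTEXT` and notes when SCRAM or GSSAPI run without TLS. The function names, severity labels and sample configs are constructed for illustration; the property keys are Kafka's own.

```python
# Added example: audit a Kafka client config for SASL mechanism / transport pairing.
SECRET_ON_WIRE = {"PLAIN", "OAUTHBEARER"}  # password or bearer token is sent as-is
NO_SECRET_ON_WIRE = {"GSSAPI", "SCRAM-SHA-256", "SCRAM-SHA-512"}

def parse_properties(text):
    """Parse Java-style key=value properties, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of (severity, message) findings; empty means no issue found."""
    props = parse_properties(text)
    protocol = props.get("security.protocol", "PLAINTEXT")  # Kafka client default
    mechanism = props.get("sasl.mechanism", "GSSAPI")       # Kafka client default
    if protocol not in ("SASL_PLAINTEXT", "SASL_SSL"):
        return [("ERROR", f"security.protocol={protocol}: no SASL authentication takes place")]
    findings = []
    if mechanism not in SECRET_ON_WIRE | NO_SECRET_ON_WIRE:
        findings.append(("ERROR", f"sasl.mechanism={mechanism} is not one of the mechanisms discussed"))
    elif protocol == "SASL_PLAINTEXT" and mechanism in SECRET_ON_WIRE:
        findings.append(("ERROR", f"{mechanism} without TLS exposes the credential on the network"))
    elif protocol == "SASL_PLAINTEXT":
        findings.append(("WARN", f"{mechanism} keeps the password off the wire, but message traffic is unencrypted"))
    # An empty value for this key turns off broker hostname verification.
    if protocol == "SASL_SSL" and props.get("ssl.endpoint.identification.algorithm", "https") == "":
        findings.append(("WARN", "broker hostname verification is disabled"))
    return findings

# Constructed sample configs (placeholder credentials).
WEAK = """
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="app" password="example-only";
"""
HARDENED = WEAK.replace("SASL_PLAINTEXT", "SASL_SSL")
SCRAM_NO_TLS = "security.protocol=SASL_PLAINTEXT\nsasl.mechanism=SCRAM-SHA-512\n"

if __name__ == "__main__":
    for name, cfg in [("weak", WEAK), ("hardened", HARDENED), ("scram-no-tls", SCRAM_NO_TLS)]:
        print(name, audit(cfg) or "ok")
```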