[Solved] You want to configure a Kafka client to authenticate using SASL SCRAM-SHA-512 over SSL. Which configuration snippet is correct? | Kafka

Kafka - Security

You want to configure a Kafka client to authenticate using SASL SCRAM-SHA-512 over SSL. Which configuration snippet is correct?

Asecurity.protocol=SASL_SSL sasl.mechanism=PLAIN sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="user" password="pass";

Bsecurity.protocol=SSL sasl.mechanism=SCRAM-SHA-512 sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="pass";

Csecurity.protocol=SASL_PLAINTEXT sasl.mechanism=SCRAM-SHA-512 sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="pass";

Dsecurity.protocol=SASL_SSL sasl.mechanism=SCRAM-SHA-512 sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="pass";

Step-by-Step Solution

Solution:

Step 1: Identify correct security.protocol for SASL SCRAM over SSL
It must be 'SASL_SSL' to use SASL authentication over SSL.
Step 2: Match sasl.mechanism and jaas config
For SCRAM-SHA-512, sasl.mechanism must be 'SCRAM-SHA-512' and jaas config must use ScramLoginModule.
Step 3: Verify options
security.protocol=SASL_SSL sasl.mechanism=SCRAM-SHA-512 sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="pass"; matches all requirements. security.protocol=SSL sasl.mechanism=SCRAM-SHA-512 sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="pass"; misses SASL in protocol. security.protocol=SASL_PLAINTEXT sasl.mechanism=SCRAM-SHA-512 sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="pass"; uses PLAINTEXT transport. security.protocol=SASL_SSL sasl.mechanism=PLAIN sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="user" password="pass"; uses PLAIN mechanism, not SCRAM.
Final Answer:
security.protocol=SASL_SSL sasl.mechanism=SCRAM-SHA-512 sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="pass"; -> Option D
Quick Check:
SASL_SSL + SCRAM-SHA-512 + ScramLoginModule = security.protocol=SASL_SSL sasl.mechanism=SCRAM-SHA-512 sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="pass"; [OK]

Quick Trick: Use SASL_SSL with matching SCRAM mechanism and login module [OK]

Common Mistakes:

MISTAKES

Using SSL without SASL for SCRAM
Mixing PLAIN mechanism with SCRAM config
Setting security.protocol to PLAINTEXT

Master "Security" in Kafka

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More Kafka Quizzes

You want to configure a Kafka client to authenticate using SASL SCRAM-SHA-512 over SSL. Which configuration snippet is correct?

Step 1: Identify correct security.protocol for SASL SCRAM over SSL

Step 2: Match sasl.mechanism and jaas config

Step 3: Verify options

Final Answer:

Quick Check:

Want More Practice?