Kafka - Security
You want to configure a Kafka client to authenticate using SASL_SSL with SCRAM-SHA-512 and also enable SSL encryption. Which configuration combination is correct?
You want to configure a Kafka client to authenticate using SASL_SSL with SCRAM-SHA-512 and also enable SSL encryption. Which configuration combination is correct?
hard📝 Application Q8 of 15
Step-by-Step Solution
Solution:
Step 1: Identify correct protocol for SASL_SSL with SCRAM
security.protocol must be SASL_SSL to enable SASL authentication over SSL encryption.Step 2: Check SASL and SSL properties
sasl.mechanism and sasl.jaas.config must specify SCRAM-SHA-512 with credentials; ssl.truststore properties enable SSL encryption.Step 3: Evaluate other options
security.protocol=SSL sasl.mechanism=SCRAM-SHA-512 ssl.keystore.location=/path/to/keystore.jks misses SASL_SSL protocol; security.protocol=SASL_PLAINTEXT sasl.mechanism=SCRAM-SHA-512 sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="pass"; uses SASL_PLAINTEXT (no SSL); security.protocol=PLAINTEXT sasl.mechanism=SCRAM-SHA-512 uses PLAINTEXT (no security).Final Answer:
security.protocol=SASL_SSL sasl.mechanism=SCRAM-SHA-512 sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="pass"; ssl.truststore.location=/path/to/truststore.jks ssl.truststore.password=trustpass -> Option DQuick Check:
SASL_SSL + SCRAM + truststore = secure auth and encryption [OK]
Quick Trick: Use SASL_SSL with truststore for SCRAM and SSL encryption [OK]
Common Mistakes:
- Using SSL without SASL for SCRAM
- Using SASL_PLAINTEXT disables encryption
- Omitting truststore for SSL encryption
Master "Security" in Kafka
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore Kafka Quizzes