.. _http-basic-auth: HTTP Basic Authentication ######################### You can add `HTTP Basic authentication `__ to these |cp| components: - :ref:`basic-auth-crest` - :ref:`basic-auth-kconnect` - :ref:`basic-auth-ksql` - :ref:`Schema Registry ` - :ref:`basic-auth-c3` .. note:: :ref:`Role-based access control (RBAC)` can be used to support security for all components. For details, see :ref:`connect-rbac-index`. .. _basic-auth-crest: |crest| ******* See :ref:`REST Proxy HTTP Basic authentication `. .. _basic-auth-kconnect: |kconnect| REST API ******************* #. Add the following configuration to your |kconnect| worker properties file (``etc/kafka/connect-distributed.propertes``): :: rest.extension.classes=org.apache.kafka.connect.rest.basic.auth.extension.BasicAuthSecurityRestExtension #. Create a JAAS configuration file. Your authentication realm is hardcoded to ``KafkaConnect``, so your JAAS must look like this: :: KafkaConnect { org.apache.kafka.connect.rest.basic.auth.extension.PropertyFileLoginModule required file="${CONFLUENT_HOME}/etc/kafka/connect.password"; }; #. Export ``KAFKA_OPTS`` with the path to the JAAS configuration file: :: export KAFKA_OPTS="-Djava.security.auth.login.config=" #. Create a password properties file (``CONFLUENT_HOME/etc/kafka/connect.password``). For example: :: thisismyusername: thisismypass .. _basic-auth-ksql: |ksqldb| ******** #. Add the following configuration in your |ksqldb| properties file (``etc/ksqldb/ksql-server.properties``): :: authentication.method=BASIC authentication.roles=admin,developer,user,ksq-user authentication.realm=KsqlServer-Props #. Create a JAAS file (``jaas_config.conf``): :: KsqlServer-Props { org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required file="/path/to/password-file" debug="false"; }; #. Create a password properties file (``CONFLUENT_HOME/etc/ksqldb/password-file``). The file parameter is the location of the password file. The format is: :: : ,[,,...] Following is an example: :: fred: OBF:1w8t1tvf1w261w8v1w1c1tvn1w8x,user,admin harry: changeme,user,developer tom: MD5:164c88b302622e17050af52c89945d44,user dick: CRYPT:adpexzg3FUZAk,admin,ksq-user #. Export the JAAS file: :: export KSQL_OPTS=-Djava.security.auth.login.config=/path/to/the/jaas_config.conf #. Start the |ksqldb| server: :: ksql-server-start ${CONFLUENT_HOME}/etc/ksqldb/ksql-server.properties For more information, see :ksqldb-docs:`Configure ksqlDB for Basic HTTP authentication|operate-and-deploy/installation/server-config/security/#configure-ksqldb-for-basic-http-authentication`. .. _basic-auth-sr: Schema Registry *************** .. include:: ../schema-registry/includes/basic-auth.rst For more information, see :ref:`schemaregistry_security`. .. _basic-auth-c3: |c3-short| ********** You can configure HTTP Basic authentication for |c3-short| or configure |c3-short| client authentication with other |cp| components that have HTTP Basic authentication enabled. Basic authentication for |c3-short| =================================== .. include:: ../control-center/includes/rest-api-auth.rst .. include:: ../includes/cp-demo-tip.rst |c3| and other components ========================= .. include:: ../control-center/includes/c3-basic-auth-components.rst