.. _http-basic-auth: HTTP Basic Auth =============== You can add HTTP basic authentication to these |cp| components: - :ref:`basic-auth-c3` - :ref:`basic-auth-crest` - :ref:`basic-auth-kconnect` - :ref:`basic-auth-ksql` - :ref:`Schema Registry ` .. _basic-auth-c3: |c3-short| REST API ^^^^^^^^^^^^^^^^^^^ .. include:: ../control-center/includes/rest-api-auth.rst .. include:: ../includes/cp-demo-tip.rst .. _basic-auth-crest: |crest| ^^^^^^^ #. Add the following configuration to your |crest| properties file (``etc/kafka-rest/kafka-rest.properties``): :: authentication.method=BASIC authentication.realm=KafkaServer authentication.roles=thisismyrole #. Create a JAAS configuration file. For an example, see ``etc/kafka-rest/etc/kafka-rest/rest-jaas.properties``: :: KafkaServer { org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required debug="true" file="/etc/kafka-rest/password.properties"; }; .. tip:: ``KafkaServer`` is in line with the realm specified as ``authentication.realm`` in ``kafka-rest.properties``. #. Create a password properties file (``/etc/kafka-rest/password.properties``). For example: :: thisismyusername: thisismypass,thisismyrole #. Start |crest| with HTTP Basic auth: :: KAFKAREST_OPTS="-Djava.security.auth.login.config=/etc/kafka-rest/rest-jaas.properties" \ bin/kafka-rest-start etc/kafka-rest/kafka-rest.properties #. Configure HTTPS for the |crest| interface. #. Login to your |crest| with the username ``thisismyusername`` and the password ``thisismypass``. The password in your ``password.properties`` file can also be hashed. For more information, see `this link `__. .. _basic-auth-kconnect: |kconnect| REST API ^^^^^^^^^^^^^^^^^^^ #. Add the following configuration to your |kconnect| worker properties file (``etc/kafka/connect-distributed.propertes``): :: rest.extension.classes=org.apache.kafka.connect.rest.basic.auth.extension.BasicAuthSecurityRestExtension #. Create a JAAS configuration file. Your authentication realm is hardcoded to ``KafkaConnect``, so your JAAS must look like this: :: KafkaConnect { org.apache.kafka.connect.rest.basic.auth.extension.PropertyFileLoginModule required file="/etc/kafka/connect.password"; }; #. Export ``KAFKA_OPTS`` with the path to the JAAS configuration file: :: export KAFKA_OPTS="-Djava.security.auth.login.config=" #. Create a password properties file (``/etc/kafka/connect.password``). For example: :: thisismyusername: thisismypass,thisismyrole .. _basic-auth-ksql: KSQL ^^^^ #. Add the following configuration in your KSQL properties file (``etc/ksql/ksql-server.properties``): :: authentication.method=BASIC authentication.roles=admin,developer,user,ksq-user authentication.realm=KsqlServer-Props #. Create a JAAS file (``jaas_config.file``): :: KsqlServer-Props { org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required file="/path/to/password-file" debug="false"; }; #. Create a password properties file (``/etc/ksql/password-file``): :: fred: OBF:1w8t1tvf1w261w8v1w1c1tvn1w8x,user,admin harry: changeme,user,developer tom: MD5:164c88b302622e17050af52c89945d44,user dick: CRYPT:adpexzg3FUZAk,admin,ksq-user #. Export the JAAS file: :: export KSQL_OPTS=-Djava.security.auth.login.config=/path/to/the/jaas_config.file #. Start the KSQL server: :: /bin/ksql-server-start /etc/ksql/ksql-server.properties For more information, see :ref:`basic-ksql-http`. .. _basic-auth-sr: Schema Registry ^^^^^^^^^^^^^^^ .. include:: ../schema-registry/includes/basic-auth.rst For more information, see :ref:`schemaregistry_security`.