SASL Authentication in Confluent Platform

SASL (Simple Authentication Security Layer) is a framework that provides developers of applications and shared libraries with mechanisms for authentication, data integrity-checking, and encryption.

SASL/OAUTHBEARER for authentication

SASL/OAUTHBEARER explains how to use SASL/OAUTHBEARER for authentication in Confluent Platform clusters. SASL/OAUTHBEARER enables the use the OAuth 2 Authorization framework in a SASL context to create and validate JSON web tokens for authentication.

GSSAPI (Kerberos) for authentication

SASL/GSSAPI (Kerberos) explains how to use SASL/GSSAPI for authentication to your Confluent Platform clusters using your Kerberos or Active Directory server.

SASL/PLAIN for authentication

SASL/PLAIN explains how to use SASL/PLAIN for authentication in Confluent Platform clusters. SASL/PLAIN uses a simple username and password for authentication.

SASL/PLAIN (using LDAP) for authentication

LDAP explains how to use LDAP for client authentication across your Confluent Platform clusters that use SASL/PLAIN.

SASL/SCRAM for authentication

SASL/SCRAM explains how to use SASL/SCRAM for authentication in Confluent Platform clusters. SASL/SCRAM uses usernames and passwords stored in ZooKeeper. Credentials are created during installation.

Delegation Tokens (SASL/SSL) for authentication

Delegation Tokens (SASL/SSL) explains how to use delegation tokens for authentication in Confluent Platform clusters. Delegation tokens use a lightweight authentication mechanism that you can use to complement existing SASL/SSL methods. Delegation tokens are shared secrets between Kafka brokers and clients.