Securing Apache Kafka Wire Protocol Service
Describes the security mechanisms that Apache Kafka Wire Protocol Service does and does not support.
Authentication
Starting from Data Access Gateway 5.1, Apache Kafka Wire Protocol Service supports SASL/PLAIN and SSL authentication between clients and file servers.
Authorization
Data Fabric uses ACEs set at the stream level, and Kafka uses ACLs set at the topic level. Apache Kafka Wire Protocol Service does not support Kafka RPCs that involve ACL management. Instead, you must set ACES on streams through the maprcli, MCS, or REST APIs. All topics in a stream inherit the ACEs set on a stream.
You can use mapping rules to map topics from different users into different streams. See Mapping Topics to Streams.
For additional information, see Enabling Table and Stream Authorizations with ACEs and stream create.
On-Wire Encryption
On-wire encryption is not supported in versions of Apache Kafka Wire Protocol Service released prior to Data Access Gateway 5.1.