https://connect.hyland.com/t5/nuxeo-forum/kafka-sasl/m-p/322529#M9530 <P>Hi, You are right for now when using nuxeo.conf to generate the Kafka configuration you can use SASL only when TLS is enabled which is recommended configuration in production. I have created <A href="https://jira.nuxeo.com/browse/NXP-27100" target="test_blank">https://jira.nuxeo.com/browse/NXP-27100</A> for your testing case. In the meantime you can create your own configuration or enable SSL by generating self-signed certificates like here <A href="https://github.com/bdelbosc/nuxeo-stacks/tree/master/roles/common/files/kafkassl" target="test_blank">https://github.com/bdelbosc/nuxeo-stacks/tree/master/roles/common/files/kafkassl</A> Regards ben</P> Thu, 28 Mar 2019 12:04:45 GMT ben_ 2019-03-28T12:04:45Z https://connect.hyland.com/t5/nuxeo-forum/kafka-sasl/m-p/322526#M9527 <P>Folks - regarding <CODE>kafka-config.xml.nxftl</CODE>: Presently, SASL is only enabled if SSL is enabled. (The sasl <CODE>if</CODE> directive is enclosed in the ssl <CODE>if</CODE> directive.) In a local server testing environment, it might be beneficial to configure Kafka for SASL PLAINTEXT (or SCRAM_SHA_nnn) -- to simplify the configuration for development and testing. (In fact, that's what I had tried.) But as <CODE>kafka-config.xml.nxftl</CODE> is presently structured, this isn't possible without supplying a custom contrib. If the if/else statements in the nxftl were structured such that SASL and SSL were independent of one another, then SASL/PLAINTEXT (or SCRAM_SHA_nnn) could be tested without SSL just using nuxeo.conf settings.</P> Wed, 27 Mar 2019 18:51:49 GMT https://connect.hyland.com/t5/nuxeo-forum/kafka-sasl/m-p/322526#M9527 Eric_Ace 2019-03-27T18:51:49Z https://connect.hyland.com/t5/nuxeo-forum/kafka-sasl/m-p/322527#M9528 <P>Hi,</P> <P>I believe the problem you're describing is <A href="https://jira.nuxeo.com/browse/NXP-26746">NXP-26746</A> and has already been fixed.</P> Thu, 28 Mar 2019 10:00:58 GMT https://connect.hyland.com/t5/nuxeo-forum/kafka-sasl/m-p/322527#M9528 Florent_Guillau 2019-03-28T10:00:58Z https://connect.hyland.com/t5/nuxeo-forum/kafka-sasl/m-p/322528#M9529 <P>Thanks - I was describing setting up for sasl-only</P> Thu, 28 Mar 2019 10:52:38 GMT https://connect.hyland.com/t5/nuxeo-forum/kafka-sasl/m-p/322528#M9529 Eric_Ace 2019-03-28T10:52:38Z https://connect.hyland.com/t5/nuxeo-forum/kafka-sasl/m-p/322529#M9530 <P>Hi, You are right for now when using nuxeo.conf to generate the Kafka configuration you can use SASL only when TLS is enabled which is recommended configuration in production. I have created <A href="https://jira.nuxeo.com/browse/NXP-27100" target="test_blank">https://jira.nuxeo.com/browse/NXP-27100</A> for your testing case. In the meantime you can create your own configuration or enable SSL by generating self-signed certificates like here <A href="https://github.com/bdelbosc/nuxeo-stacks/tree/master/roles/common/files/kafkassl" target="test_blank">https://github.com/bdelbosc/nuxeo-stacks/tree/master/roles/common/files/kafkassl</A> Regards ben</P> Thu, 28 Mar 2019 12:04:45 GMT https://connect.hyland.com/t5/nuxeo-forum/kafka-sasl/m-p/322529#M9530 ben_ 2019-03-28T12:04:45Z https://connect.hyland.com/t5/nuxeo-forum/kafka-sasl/m-p/322530#M9531 <P>Thank you.</P> Thu, 28 Mar 2019 13:50:55 GMT https://connect.hyland.com/t5/nuxeo-forum/kafka-sasl/m-p/322530#M9531 Eric_Ace 2019-03-28T13:50:55Z