Examples of various security configurations

[mhowlett]

It would be good to have some copy/paste security config examples in .net. Also, some 'recipes' for converting java configuration into the equivalent .net configuration.

For now:

I've done some draft notes on SSL here: https://github.com/mhowlett/confluent-kafka-dotnet/tree/security/examples/Security

@petersonnek has some good information on kerberos over in #384

librdkafka docs are here:

• https://github.com/edenhill/librdkafka/wiki/Using-SSL-with-librdkafka
• https://github.com/edenhill/librdkafka/wiki/Using-SASL-with-librdkafka
• https://kafka.apache.org/documentation/#security
• https://github.com/edenhill/librdkafka/blob/master/CONFIGURATION.md

[vchekan]

Also to the mix: production grade configuration: (how to handle errors, which errors are recoverable and which are not) Production reliability configuration (how to configure at-least-once and guarantied order delivery). Very important because by default configuration can drop messages or deliver out of order.

[mhowlett]

@vchekan - noted, we agree.

[saherahwal]

this is still open and wondering if there will be any more examples and progress ?

@mhowlett we are building .net core Kafka client that can be run on Windows and Linux. What is the best approach for SASL+Kerberos security implementation?

Can we create keytab on Windows?

[edenhill]

confluent-kafka-dotnet (through the underyling librdkafka library) currently only supports GSSAPI through SSPI with the currently logged on user's credentials, keytabs are not supported.

[baburajpb]

@edenhill does confluent-kafka-dotnet support Kerberos Cache file instead of keytab file for GSSAPI authentication?