Kafka Error SECURITY_DISABLED
Error code 54 · Non-retriable Security
Security features are disabled.
Common Causes
- Broker started without security configuration (no listeners configured with SSL/SASL) but client requests a secured operation
- ACL operations attempted on a cluster where `authorizer.class.name` is not set
- Delegation token or quota operations issued against a broker running in unsecured mode
Solutions
- Enable security by configuring a supported authorizer (`org.apache.kafka.metadata.authorizer.StandardAuthorizer` on KRaft clusters, or `kafka.security.authorizer.AclAuthorizer` on older ZooKeeper-based clusters) and SASL/SSL listeners in `server.properties`, then rolling-restart brokers
- If security is intentionally disabled, remove client-side security configurations and avoid issuing secured API calls
- Audit listener config: ensure `listeners` and `advertised.listeners` include a secured protocol (e.g., `SASL_SSL://...`)
Diagnostic Commands
# Check listener config in broker properties
grep -E 'authorizer.class.name|listeners' /path/to/server.properties
# Check cluster-default broker security settings
kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-default --describe | grep -E 'authorizer|listener|sasl|ssl'
Debugging Kafka errors? Conduktor Console gives you real-time visibility into your cluster. Explore all errors in the Error Decoder.