Versions Compared

Old Version 1

changes.mady.by.user Harsha

Saved on

compared with

New Version 2

changes.mady.by.user Harsha

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Proposed JAAS Login config file will look like this


```code
KafkaServer {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/keytabs/kafka.keytab"
storeKey=true
useTicketCache=true
principal="kafka/_HOST@EXAMPLE.COM";
};

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/vagrant/keytabs/storm.keytab"
storeKey=true
useTicketCache=false
serviceName="zookeeper"
principal="kafka@EXAMPLE.COM";
}
```

KafkaServer will be used to authenticate Kafka broker against kerberos
and Client section will be used for zkClient to access kerberos enabled zookeeper cluster.```code


KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/keytabs/kafka.keytab"
storeKey=true
useTicketCache=true
serviceName="kafka"
principal="kafkaproducer/_HOST@EXAMPLE.COM";
};
```

The above config is for any client ( producer, consumer) connecting to kerberos enabled Kafka cluster.
Here serviceName must match the principal name used under KafkaServer.

...