Kafka with Kerberos: a worked example

Some points to note when testing by following http://www.cnblogs.com/dongxiao-yang/p/7131626.html:
 

When setting up the Kafka broker, you need to do a few more things:

1. Create the configuration file krb5.conf (the IP below is the KDC)

[libdefaults]
    default_realm = LINKTIME.CLOUD

[realms]
    LINKTIME.CLOUD = {
        kdc = 192.168.206.119:8800
        admin_server = 192.168.206.109:7490
    }

 

2. Change PLAINTEXT to SASL_PLAINTEXT in server.properties

listeners=SASL_PLAINTEXT://__CONTAINER_IP__:9092
advertised.listeners=SASL_PLAINTEXT://__KAFKA_VIP_HOST__:9092


Command-line usage for kafka-console-producer/kafka-console-consumer/...

1. Create the configuration file krb5.conf (the IP below is the KDC) in /etc

[libdefaults]
    default_realm = LINKTIME.CLOUD

[realms]
    LINKTIME.CLOUD = {
        kdc = 192.168.206.119:8800
        admin_server = 192.168.206.109:7490
    }

2. Generate the keytab file

kadmin.local -q "addprinc -pw 123456 [email protected]"
ktutil  \enter
addent -password -p [email protected] -k 1 -e aes256-cts-hmac-sha1-96    \enter
write_kt kafka-client.keytab

 

3. Run kinit with kafka-client.keytab

kinit [email protected] -l "1000d 0h 0m 0s" -k -t /root/kafka-client.keytab

 

4. Create kafka_client_jaas.conf

KafkaClient {
    com.sun.security.auth.module.Krb5LoginModule required
    useTicketCache=true;
};


// If ZooKeeper has Kerberos authentication enabled, the following also needs to be added here
// Zookeeper client authentication
Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  storeKey=true
  keyTab="/root/kafka-client.keytab"
  principal="[email protected]";
};

 

5. Set the JVM parameters for the JAAS configuration and krb5.conf

export KAFKA_OPTS='-Djava.security.auth.login.config=/root/kafka_client_jaas.conf -Djava.security.krb5.conf=/etc/krb5.conf'

 

6. Create client.properties

security.protocol=SASL_PLAINTEXT
sasl.kerberos.service.name=kafka
sasl.mechanism=GSSAPI

 

7. Run the commands with client.properties

bin/kafka-consumer-groups.sh --bootstrap-server kafkahost1:9092 --list --command-config client.properties
bin/kafka-console-producer.sh --broker-list kafkahost1:9092 --topic dxTT --producer.config client.properties
bin/kafka-console-consumer.sh --bootstrap-server kafkahost1:9092 --topic dxTT --consumer.config client.properties
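
A preflight check for the files created in steps 1 to 6, added here as an example (not from the original post or the Kafka project): it confirms that the default realm is defined, that any keytab referenced from the JAAS file is not accessible to group or other, and that client.properties carries the three SASL settings. The function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: lint the Kerberos client files from steps 1-6 (function names are hypothetical).
# Step 1: default_realm must have a matching entry under [realms].
krb5_realm_defined() {
    realm=$(sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1)
    [ -n "$realm" ] && grep -Eq "^[[:space:]]*${realm}[[:space:]]*=[[:space:]]*\{" "$1"
}

# Step 4: print every keyTab="..." path referenced in the JAAS file.
jaas_keytabs() {
    sed -n 's/^[[:space:]]*keyTab="\([^"]*\)".*/\1/p' "$1"
}

# Step 2: a keytab holds long-term keys, so group and other must have no access.
keytab_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Step 6: the settings the page puts in client.properties. SASL_PLAINTEXT
# authenticates via Kerberos but does not encrypt the connection.
client_props_ok() {
    for kv in security.protocol=SASL_PLAINTEXT sasl.mechanism=GSSAPI \
              sasl.kerberos.service.name=kafka; do
        grep -qxF "$kv" "$1" || { echo "client.properties: missing $kv"; return 1; }
    done
}

# Run every check; prints one line per finding and returns the number of findings.
check_kafka_krb_client() {   # args: krb5.conf  jaas.conf  client.properties
    findings=0
    krb5_realm_defined "$1" || { echo "krb5.conf: default_realm not in [realms]"; findings=$((findings + 1)); }
    for kt in $(jaas_keytabs "$2"); do   # assumes keytab paths without spaces
        keytab_is_private "$kt" || { echo "keytab $kt: missing or group/other-accessible"; findings=$((findings + 1)); }
    done
    client_props_ok "$3" || findings=$((findings + 1))
    return "$findings"
}

# Constructed sample files mirroring the page's steps; the keytab is an empty stand-in.
write_sample() {   # arg: target directory
    printf '[libdefaults]\n    default_realm = LINKTIME.CLOUD\n[realms]\n    LINKTIME.CLOUD = {\n        kdc = 192.168.206.119:8800\n    }\n' > "$1/krb5.conf"
    printf 'Client {\n  com.sun.security.auth.module.Krb5LoginModule required\n  useKeyTab=true\n  keyTab="%s/kafka-client.keytab"\n  storeKey=true;\n};\n' "$1" > "$1/jaas.conf"
    printf 'security.protocol=SASL_PLAINTEXT\nsasl.kerberos.service.name=kafka\nsasl.mechanism=GSSAPI\n' > "$1/client.properties"
    : > "$1/kafka-client.keytab" && chmod 644 "$1/kafka-client.keytab"
}

d=$(mktemp -d) && write_sample "$d"
check_kafka_krb_client "$d/krb5.conf" "$d/jaas.conf" "$d/client.properties" || echo "findings: $?"
rm -rf "$d"
```

On the constructed sample the keytab is created with mode 644, so the check reports one finding; after `chmod 600` it passes.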

 

More references:

http://kafka.apache.org/documentation/#security_jaas_broker
https://docs.confluent.io/3.2.1/kafka/sasl.html#authentication-using-sasl-kerberos
http://www.cnblogs.com/xiaodf/p/5968086.html
http://www.cnblogs.com/dongxiao-yang/p/7131626.html
