2

I am new to Apache Kafka, and here is what I have done so far:

  1. Downloaded kafka_2.12-2.1.0
  2. Made a batch file to run the ZooKeeper server:

    start kafka_2.12-2.1.0.\bin\windows\zookeeper-server-start.bat kafka_2.12-2.1.0.\config\zookeeper.properties

  3. Made a batch file for the Apache Kafka server:

    start kafka_2.12-2.1.0\bin\windows\kafka-server-start.bat kafka_2.12-2.1.0\config\server.properties

  4. Started a producer using a batch file:

    start kafka_2.12-2.1.0.\bin\windows\kafka-console-producer.bat --broker-list localhost:9092 --topic 3drocket-player

It is running fine, but now I am looking for authentication, as I have to implement a consumer with specific auth settings (a requirement from the client): the security protocol is SASL_SSL and the SSL mechanism is GSSAPI. For this reason, I searched and found the Confluent documentation, but the problem is that it is too abstract about how to take each and every step.

I am looking for detailed configuration steps according to my setup: how to configure my Kafka server with SASL SSL and the GSSAPI protocol. Initially I found that GSSAPI/Kerberos has a separate server, so do I need to install another server? Is there any built-in solution within Confluent Kafka?

2

2 Answers

0

Configure a SASL port in server.properties

e.g.:

    listeners=SASL_SSL://host.name:port
    security.inter.broker.protocol=SASL_SSL
    sasl.mechanism.inter.broker.protocol=GSSAPI
    sasl.enabled.mechanisms=GSSAPI
    sasl.kerberos.service.name=kafka
    ssl.keystore.location=/path/to/keystore.jks
    ssl.keystore.password=keystore_password
    ssl.truststore.location=/path/to/truststore.jks
    ssl.truststore.password=truststore_password
    ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1

https://kafka.apache.org/documentation/#security_configbroker https://kafka.apache.org/documentation/#security_sasl_config

Client: When you run the Kafka client, you need to set these properties.

    security.protocol=SASL_SSL
    ssl.truststore.location=/path/to/truststore.jks
    ssl.truststore.password=truststore_password
    sasl.mechanism=GSSAPI
    sasl.kerberos.service.name=kafka

https://kafka.apache.org/documentation/#security_configclients https://kafka.apache.org/documentation/#security_sasl_kerberos_clientconfig

Then configure the JAAS configuration

    KafkaClient {
       com.sun.security.auth.module.Krb5LoginModule required
       useKeyTab=true
       keyTab="path/to/kafka_client.keytab"
       storeKey=true
       useTicketCache=false
       principal="[email protected]";
    };
3
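Added example (not part of the answer above and not code from the Kafka project): a small Python check that parses a broker `server.properties` and flags settings that weaken the SASL_SSL/GSSAPI setup the answer describes, including the TLS 1.0/1.1 entries in `ssl.enabled.protocols`. The sample configs, the port 9093 and all helper names are constructed for illustration, and the check assumes listener names equal their security protocol.

```python
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # deprecated protocol versions
REQUIRED = ("sasl.kerberos.service.name", "ssl.keystore.location", "ssl.truststore.location")

def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def split_csv(props, key, default=""):
    return [v.strip() for v in props.get(key, default).split(",") if v.strip()]

def audit_broker(text):
    """Return findings for a broker config; an empty list means all checks pass."""
    p, findings = parse_properties(text), []
    # Assumes listener names equal their protocol; an unset listener is PLAINTEXT.
    for listener in split_csv(p, "listeners", "PLAINTEXT://:9092"):
        if listener.split("://", 1)[0] != "SASL_SSL":
            findings.append(f"listener {listener} is not SASL_SSL")
    if p.get("security.inter.broker.protocol", "PLAINTEXT") != "SASL_SSL":
        findings.append("inter-broker traffic is not SASL_SSL")
    enabled = split_csv(p, "sasl.enabled.mechanisms", "GSSAPI")
    if enabled != ["GSSAPI"]:
        findings.append(f"enabled mechanisms are not GSSAPI only: {enabled}")
    if p.get("sasl.mechanism.inter.broker.protocol", "GSSAPI") not in enabled:
        findings.append("inter-broker mechanism is not an enabled mechanism")
    weak = sorted(WEAK_TLS & set(split_csv(p, "ssl.enabled.protocols")))
    if weak:
        findings.append(f"deprecated TLS versions enabled: {','.join(weak)}")
    findings += [f"{k} is not set" for k in REQUIRED if k not in p]
    return findings

# Constructed samples: AS_POSTED mirrors the answer's broker settings (port 9093
# is a placeholder); HARDENED differs only in ssl.enabled.protocols.
AS_POSTED = """\
listeners=SASL_SSL://host.name:9093
security.inter.broker.protocol=SASL_SSL
sasl.mechanism.inter.broker.protocol=GSSAPI
sasl.enabled.mechanisms=GSSAPI
sasl.kerberos.service.name=kafka
ssl.keystore.location=/path/to/keystore.jks
ssl.truststore.location=/path/to/truststore.jks
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
"""
HARDENED = AS_POSTED.replace("TLSv1.2,TLSv1.1,TLSv1", "TLSv1.2")
```

Calling `audit_broker(AS_POSTED)` reports only the deprecated TLS versions, while `audit_broker(HARDENED)` returns an empty list.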
0

... SASL/GSSAPI is for organizations using Kerberos (for example, by using Active Directory). You don’t need to install a new server just for Apache Kafka®. Ask your Kerberos administrator for a principal for each Kafka broker in your cluster and for every operating system user that will access Kafka with Kerberos authentication (via clients and tools). https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_gssapi.html#kafka-sasl-auth-gssapi ....

1
  • From Review: Hi, while links are a great way of sharing knowledge, they won't really answer the question if they get broken in the future. Add to your answer the essential content of the link which answers the question. In case the content is too complex or too big to fit here, describe the general idea of the proposed solution. Remember to always keep a link reference to the original solution's website. See: How do I write a good answer? Commented Jun 4, 2020 at 17:04
