Versions Compared

Old Version 1

changes.mady.by.user Ashhad Alam

Saved on

compared with

New Version Current

changes.mady.by.user Ashhad Alam

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Corrected links that should have been relative instead of absolute.

To use Kerberos Authentication over SASL while connecting to Kafka server, you need to define a Kafka account with details as discussed belowAdeptia Connect supports Simple Authentication and Security Layer (SASL) framework that allows you to use Kerberos authentication to connect to Kafka. 

You can configure the Kafka account to use Kerberos authentication by defining a set of properties in the Addon Configuration field. Follow the steps below to use Kerberos authentication with Kafka.

  1. Click Configure > ACCOUNTS > Kafka.  

  2. Click Create Kafka account

  3. In Create Kafka Account window, do the followings:

    Image Removed

    Image Added

    1. In the Name and Description fields, enter the name and description respectively for the new Kafka account.

    2. In the 

      Broker

      Brokers field, enter the URL of the Kafka brokers, for example, host1:port1,host2:port2.

    3. In the Security Protocol field, enter SSL to communicate with brokers.

    4. Copy “./etc/truststore/cacerts” to “./etc/security/WSkeystore” and rename the file to DefaultTruststore.jks

      Leave the default value (PLAINTEXT) as is in the Security Protocol field. This shall be overwritten with what you're going to define in the Addon Configuration field.

    5. In the Addon Configuration field, set the following properties saslMechanism, securityProtocolsaslJaasConfig properties as shown in the following example. 

      Define each property in a new line.

      No Format
      saslMechanism=GSSAPI

securityProtocol=SASL_SSL

saslJaasConfig=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true debug=true storeKey=true keyTab="<Path to KeyTabffile> " principal="<Principal Name used in keytab> " serviceName="<servicename of broker>";

      The table below describes the properties and their values:

      Property key

      Description

      saslMechanism

      The SASL mechanism used. For the valid values, click here.

      Adeptia Connect uses Kerberos for client authentication through GSSAPI (Generic Security Services Application Program Interface).

      securityProtocol

      Protocol (SASL_SSL) used for communicating with brokers.

      saslJaasConfig

      The property for exposing the Kafka sasl.jaas.config parameters as shown in the example.


    6. Copy “./etc/truststore/cacerts” to “./etc/security/WSkeystore” and rename the file to DefaultTruststore.jks.
    7. In the Select Project field, select the project.
    8. Click Save.