Adeptia Connect supports Simple Authentication and Security Layer (SASL) framework that allows you to use Kerberos authentication to connect to Kafka.
You can configure the Kafka account to use Kerberos authentication by defining a set of properties in the Addon Configuration field. Follow the steps below to use Kerberos authentication with Kafka.
Click Configure > ACCOUNTS > Kafka.
- Click Create Kafka account.
In Create Kafka Account window, do the followings:
- In the Name and Description fields, enter the name and description respectively for the new Kafka account.
In the Brokers field, enter the URL of the Kafka brokers, for example, host1:port1,host2:port2.
Leave the default value (PLAINTEXT) as is in the Security Protocol field. This shall be overwritten with what you're going to define in the Addon Configuration field.
In the Addon Configuration field, set the saslMechanism, securityProtocol, saslJaasConfig properties as shown in the following example.
Define each property in a new line.
saslMechanism=GSSAPI securityProtocol=SASL_SSL saslJaasConfig=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true debug=true storeKey=true keyTab="<Path to KeyTabffile>" principal="<Principal Name used in keytab>" serviceName="<servicename of broker>";
The table below describes the properties and their values:
Property key
Description
saslMechanism
The SASL mechanism used. For the valid values, click here.
Adeptia Connect uses Kerberos for client authentication through GSSAPI (Generic Security Services Application Program Interface).
securityProtocol
Protocol (SASL_SSL) used for communicating with brokers.
saslJaasConfig
The property for exposing the Kafka sasl.jaas.config parameters as shown in the example.
- Copy the file from “./etc/truststore/cacerts” to “./etc/security/WSkeystore” and rename it to DefaultTruststore.jks.
- In the Select Project field, select the project.
- Click Save.