Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Adeptia Connect supports Simple Authentication and Security Layer (SASL) framework that allows you to use Kerberos authentication to connect to Kafka. 

You can configure the Kafka account to use Kerberos authentication by defining a set of properties in the Addon Configuration field. Follow the steps below to use Kerberos authentication with Kafka.

  1. Click Configure > ACCOUNTS > Kafka.  

  2. Click Create Kafka account
  3. In Create Kafka Account window, do the followings:

    1. In the Name and Description fields, enter the name and description respectively for the new Kafka account.
    2. In the Brokers field, enter the URL of the Kafka brokers, for example, host1:port1,host2:port2.

    3. Leave the default value (PLAINTEXT) as is in the Security Protocol field. This shall be overwritten with what you're going to define in the Addon Configuration field.

    4. In the Addon Configuration field, set the saslMechanism, securityProtocolsaslJaasConfig properties as shown in the following example. 

      Define each property in a new line.

      saslMechanism=GSSAPI
      
      securityProtocol=SASL_SSL
      
      saslJaasConfig=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true debug=true storeKey=true keyTab="<Path to KeyTabffile>" principal="<Principal Name used in keytab>" serviceName="<servicename of broker>";

      The table below describes the properties and their values:

      Property key

      Description

      saslMechanism

      The SASL mechanism used. For the valid values, click here.

      Adeptia Connect uses Kerberos for client authentication through GSSAPI (Generic Security Services Application Program Interface).

      securityProtocol

      Protocol (SASL_SSL) used for communicating with brokers.

      saslJaasConfig

      The property for exposing the Kafka sasl.jaas.config parameters as shown in the example.

    5. Copy “./etc/truststore/cacerts” to “./etc/security/WSkeystore” and rename the file to DefaultTruststore.jks.
    6. In the Select Project field, select the project.
    7. Click Save.
  • No labels