Connecting third party tool to Secure Kafka cluster from outside

Expert Contributor

Guys,

We have set up a Kerberized cluster (HDP 2.4.x) and have set up a Kafka broker (0.9.x) with SASL (Kerberization).

What are the steps required to connect a third-party tool (producers/publishers) to Kafka?

Going through the link: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_secure-kafka-ambari/content/ch_secure-ka...

What I understand is: this tool needs access to the JAAS.conf file. For now I've copied /usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf, shared it with the third-party tool and kept it on the classpath.

Do we need anything else also in place?

Regards,

SS

1 ACCEPTED SOLUTION

Master Guru

Kafka's documentation explains how to configure clients for secure connections with SASL:

http://kafka.apache.org/documentation.html#security_sasl_clientconfig

You need to set a system property on your producer/consumer application to specify the JAAS file:

-Djava.security.auth.login.config=/etc/kafka/kafka_client_jaas.conf


4 REPLIES


Expert Contributor

Thanks guys,

The missing bit was the Kerberos libraries on the third-party machine where we are running the publishing application.

Thanks,

SS
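
A preflight check for the client machine covering the two points raised in this thread: the JAAS file passed via `-Djava.security.auth.login.config` and the Kerberos pieces on the client host. This is an added example, not code from any poster or from Kafka/HDP; the function names, the default krb5.conf path and the sample files are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: preflight for a host that will run a Kerberized Kafka client.
# Default paths and the sample files in make_sample() are constructed assumptions.

# Print the body of the KafkaClient section of a JAAS file (empty if absent).
jaas_client_section() {
  awk '/^[ \t]*KafkaClient[ \t]*[{]/ {on=1; next}
       on && /[}]/ {exit}
       on {print}' "$1"
}

# Print one option value (e.g. keyTab) from the KafkaClient section.
# Assumes option values contain no spaces.
jaas_option() {
  jaas_client_section "$1" | tr -d '";' | tr -s ' \t' '\n' |
    awk -F= -v k="$2" '$1 == k {print $2; exit}'
}

# preflight JAAS_FILE [KRB5_CONF]: one FAIL line per problem, status 1 if any.
preflight() {
  local jaas="$1" krb5="${2:-${KRB5_CONFIG:-/etc/krb5.conf}}" rc=0 keytab
  [ -r "$jaas" ] || { echo "FAIL: JAAS file not readable: $jaas"; return 1; }
  [ -n "$(jaas_client_section "$jaas")" ] ||
    { echo "FAIL: no KafkaClient section in $jaas"; rc=1; }
  if [ "$(jaas_option "$jaas" useKeyTab)" = "true" ]; then
    keytab="$(jaas_option "$jaas" keyTab)"
    [ -r "$keytab" ] || { echo "FAIL: keytab not readable: ${keytab:-unset}"; rc=1; }
  elif ! command -v klist >/dev/null 2>&1; then
    # Ticket-cache login needs the Kerberos client tools to obtain a ticket.
    echo "FAIL: klist not found; install the Kerberos client packages"; rc=1
  fi
  [ -r "$krb5" ] || { echo "FAIL: krb5.conf not readable: $krb5"; rc=1; }
  return "$rc"
}

# Constructed sample: build a JAAS file and krb5.conf in a temp directory.
make_sample() {
  local d; d="$(mktemp -d)"
  printf '%s\n' 'KafkaClient {' \
    '  com.sun.security.auth.module.Krb5LoginModule required' \
    '  useKeyTab=true storeKey=true' \
    "  keyTab=\"$d/client.keytab\"" \
    '  principal="client@EXAMPLE.COM";' '};' > "$d/kafka_client_jaas.conf"
  echo '[libdefaults]' > "$d/krb5.conf"
  echo "$d"
}

d="$(make_sample)"
preflight "$d/kafka_client_jaas.conf" "$d/krb5.conf" || echo "not ready"
```

Run `preflight` against the same JAAS path the application receives in `-Djava.security.auth.login.config`; the sample run reports the keytab as unreadable because the constructed keytab file is deliberately not created.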

New Contributor

@Smart Solutions

I am trying to implement a similar thing. I am trying to connect to Kafka (0.10) from a Java producer program outside the edge node. I tested my producer program on the edge node and it is working, but it is not working outside the edge node. I have a valid Kerberos ticket outside the edge node and passed the jaas_conf file. Can you explain your approach or any example you took as reference?