Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Connecting third party tool to Secure Kafka cluster from outside

Solved Go to solution

Connecting third party tool to Secure Kafka cluster from outside

Expert Contributor

Guys,

We have setup Kerberized cluster (HDP 2.4.x) and have setup Kafka Broker(0.9.x) with SASL (kerberization).

What are the steps required to connect third party tool (producers/publishers) to connect to Kafka?

Going through the link : https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_secure-kafka-ambari/content/ch_secure-ka...

What I understand is : this tool needs access to JAAS.conf file. For now I've copied the /usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf and shared with the third party tool and kept on the classpath.

Do we need anything else also in place?

Regards,

SS

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Connecting third party tool to Secure Kafka cluster from outside

Kafka's documentation explains how to configure client's for secure connections with SASL:

http://kafka.apache.org/documentation.html#security_sasl_clientconfig

You need to set a system property on your producer/consumer application to specify the JAAS file:

-Djava.security.auth.login.config=/etc/kafka/kafka_client_jaas.conf

4 REPLIES 4
Highlighted

Re: Connecting third party tool to Secure Kafka cluster from outside

Expert Contributor

Re: Connecting third party tool to Secure Kafka cluster from outside

Kafka's documentation explains how to configure client's for secure connections with SASL:

http://kafka.apache.org/documentation.html#security_sasl_clientconfig

You need to set a system property on your producer/consumer application to specify the JAAS file:

-Djava.security.auth.login.config=/etc/kafka/kafka_client_jaas.conf

Re: Connecting third party tool to Secure Kafka cluster from outside

Expert Contributor

Thanks guys,

The missing bit was Kerberbos libraries on the third party machine where we are running the publishing application.

Thanks,

SS

Re: Connecting third party tool to Secure Kafka cluster from outside

New Contributor

@Smart Solutions

I am trying to implement similar thing. I am trying to connect to kafka (0.10) from java producer program outside edge node. I tested my produce program in edge node it is working. But it is not working outside edge node. I have valid kerberos ticket outside edge node and passed jaas_conf file? Can you explain your approach or any example you took as reference.