Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Connecting third party tool to Secure Kafka cluster from outside

Labels:
avatar
author-rank smartninja723
Expert Contributor

Created ‎09-15-2016 11:23 AM

Guys,

We have setup Kerberized cluster (HDP 2.4.x) and have setup Kafka Broker(0.9.x) with SASL (kerberization).

What are the steps required to connect third party tool (producers/publishers) to connect to Kafka?

Going through the link : https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_secure-kafka-ambari/content/ch_secure-ka...

What I understand is : this tool needs access to JAAS.conf file. For now I've copied the /usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf and shared with the third party tool and kept on the classpath.

Do we need anything else also in place?

Regards,

SS

3,342 Views
0
1 ACCEPTED SOLUTION

avatar
author-rank bbende author-rank
Master Guru

Created ‎09-15-2016 12:44 PM

Kafka's documentation explains how to configure client's for secure connections with SASL:

http://kafka.apache.org/documentation.html#security_sasl_clientconfig

You need to set a system property on your producer/consumer application to specify the JAAS file:

-Djava.security.auth.login.config=/etc/kafka/kafka_client_jaas.conf

View solution in original post

2,605 Views
0
4 REPLIES 4

avatar
author-rank hkropp
Super Collaborator

Created ‎09-15-2016 11:48 AM

@Smart Solutions could you please check if this article is of any help for you:

https://community.hortonworks.com/content/kbentry/56704/secure-kafka-java-producer-with-kerberos.htm...

2,605 Views

avatar
author-rank bbende author-rank
Master Guru

Created ‎09-15-2016 12:44 PM

Kafka's documentation explains how to configure client's for secure connections with SASL:

http://kafka.apache.org/documentation.html#security_sasl_clientconfig

You need to set a system property on your producer/consumer application to specify the JAAS file:

-Djava.security.auth.login.config=/etc/kafka/kafka_client_jaas.conf

2,606 Views
0

avatar
author-rank smartninja723
Expert Contributor

Created ‎09-15-2016 03:06 PM

Thanks guys,

The missing bit was Kerberbos libraries on the third party machine where we are running the publishing application.

Thanks,

SS

2,605 Views
0 Kudos

avatar
author-rank ranjithgangam1
New Contributor

Created ‎10-20-2017 01:46 PM

@Smart Solutions

I am trying to implement similar thing. I am trying to connect to kafka (0.10) from java producer program outside edge node. I tested my produce program in edge node it is working. But it is not working outside edge node. I have valid kerberos ticket outside edge node and passed jaas_conf file? Can you explain your approach or any example you took as reference.

2,605 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements