Support Questions

zanteb · ‎05-29-2020

Hi!

I need to configure an external client for kafka, using keytab.

At the moment, there is an existing external client which authenticate in kafka using this command -Djava.security.auth.login.config=jaas.conf" in a spark-submit.

This jaas.conf file is on a local path of the client, thus leaving me confused.

The content of this jaas.conf file is just like this (with imaginary names):

KafkaClient {

com.sun.security.auth.module.Krb5LoginModule required

useKeyTab=true

keyTab="/etc/security/keytabs/storm.service.keytab"

storeKey=true

useTicketCache=false

serviceName="kafka"

principal="storm@EXAMPLE.COM"; };

Is it this deployment right? If yes, how should I configure another client?

satz · ‎06-02-2020

Hello @zanteb ,

Thank you for posting your query.

While you are using with spark-submit you would require to pass the files (jass & keytab) with --files option on spark-submit just like [1]

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/developing-spark-applications/content/running_...

While doing so, your JAAS and keytab file would be shipped to executors and Application master /Driver (incase of cluster mode)

If your external client is not spark and it is just a standalone java code (example) then you can just go ahead with passing "-Djava.security.auth.login.config=jaas.conf"" while executing the code and file can reside on the same client node

Thanks,
Satz

Cloudera Community

Support Questions

Does Jaas.conf file needs to be in local path of a client for kafka producer?