Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Does Jaas.conf file needs to be in local path of a client for kafka producer?

Does Jaas.conf file needs to be in local path of a client for kafka producer?

New Contributor

Hi! 

I need to configure an external client for kafka, using keytab.

At the moment, there is an existing external client which authenticate in kafka using this command -Djava.security.auth.login.config=jaas.conf" in a spark-submit.

This jaas.conf file is on a local path of the client, thus leaving me confused.

The content of this jaas.conf file is just like this (with imaginary names):

 

KafkaClient {

com.sun.security.auth.module.Krb5LoginModule required

useKeyTab=true

keyTab="/etc/security/keytabs/storm.service.keytab"

storeKey=true

useTicketCache=false

serviceName="kafka"

principal="storm@EXAMPLE.COM"; }; 

 

Is it this deployment right? If yes, how should I configure another client? 

 

1 REPLY 1
Highlighted

Re: Does Jaas.conf file needs to be in local path of a client for kafka producer?

Expert Contributor

Hello @zanteb ,

 

Thank you for posting your query.

 

While you are using with spark-submit you would require to pass the files (jass & keytab) with --files option on spark-submit just like [1]

 

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/developing-spark-applications/content/running_...

 

While doing so, your JAAS and keytab file would be shipped to executors and Application master /Driver (incase of cluster mode)

 

If your external client is not spark and it is just a standalone java code (example) then you can just go ahead with passing "-Djava.security.auth.login.config=jaas.conf"" while executing the code and file can reside on the same client node

Thanks,
Satz
Don't have an account?
Coming from Hortonworks? Activate your account here