Support Questions

Find answers, ask questions, and share your expertise

Does Jaas.conf file needs to be in local path of a client for kafka producer?

avatar
New Contributor

Hi! 

I need to configure an external client for kafka, using keytab.

At the moment, there is an existing external client which authenticate in kafka using this command -Djava.security.auth.login.config=jaas.conf" in a spark-submit.

This jaas.conf file is on a local path of the client, thus leaving me confused.

The content of this jaas.conf file is just like this (with imaginary names):

 

KafkaClient {

com.sun.security.auth.module.Krb5LoginModule required

useKeyTab=true

keyTab="/etc/security/keytabs/storm.service.keytab"

storeKey=true

useTicketCache=false

serviceName="kafka"

principal="storm@EXAMPLE.COM"; }; 

 

Is it this deployment right? If yes, how should I configure another client? 

 

1 REPLY 1

avatar
Expert Contributor

Hello @zanteb ,

 

Thank you for posting your query.

 

While you are using with spark-submit you would require to pass the files (jass & keytab) with --files option on spark-submit just like [1]

 

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/developing-spark-applications/content/running_...

 

While doing so, your JAAS and keytab file would be shipped to executors and Application master /Driver (incase of cluster mode)

 

If your external client is not spark and it is just a standalone java code (example) then you can just go ahead with passing "-Djava.security.auth.login.config=jaas.conf"" while executing the code and file can reside on the same client node

Thanks,
Satz