Created 05-29-2020 04:02 AM
Hi!
I need to configure an external client for kafka, using keytab.
At the moment, there is an existing external client which authenticate in kafka using this command -Djava.security.auth.login.config=jaas.conf" in a spark-submit.
This jaas.conf file is on a local path of the client, thus leaving me confused.
The content of this jaas.conf file is just like this (with imaginary names):
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/etc/security/keytabs/storm.service.keytab"
storeKey=true
useTicketCache=false
serviceName="kafka"
principal="storm@EXAMPLE.COM"; };
Is it this deployment right? If yes, how should I configure another client?
Created 06-02-2020 04:26 AM
Hello @zanteb ,
Thank you for posting your query.
While you are using with spark-submit you would require to pass the files (jass & keytab) with --files option on spark-submit just like [1]
While doing so, your JAAS and keytab file would be shipped to executors and Application master /Driver (incase of cluster mode)
If your external client is not spark and it is just a standalone java code (example) then you can just go ahead with passing "-Djava.security.auth.login.config=jaas.conf"" while executing the code and file can reside on the same client node
Created 05-30-2025 06:07 AM
How is this configured if using a tool like Informatica DEI? Where do we configure the submission of these files and how we make sure the JAAS path to the keytab is correct?
Thank you
Created 05-30-2025 09:39 AM
@LSIMS As this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post. Thanks.
Regards,
Diana Torres,