Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Does Jaas.conf file needs to be in local path of a client for kafka producer?

Labels:
avatar
author-rank zanteb
New Contributor

Created ‎05-29-2020 04:02 AM

Hi! 

I need to configure an external client for kafka, using keytab.

At the moment, there is an existing external client which authenticate in kafka using this command -Djava.security.auth.login.config=jaas.conf" in a spark-submit.

This jaas.conf file is on a local path of the client, thus leaving me confused.

The content of this jaas.conf file is just like this (with imaginary names):

 

KafkaClient {

com.sun.security.auth.module.Krb5LoginModule required

useKeyTab=true

keyTab="/etc/security/keytabs/storm.service.keytab"

storeKey=true

useTicketCache=false

serviceName="kafka"

principal="storm@EXAMPLE.COM"; }; 

 

Is it this deployment right? If yes, how should I configure another client? 

 

4,328 Views
0 Kudos
3 REPLIES 3

avatar
author-rank satz author-rank
Expert Contributor

Created ‎06-02-2020 04:26 AM

Hello @zanteb ,

 

Thank you for posting your query.

 

While you are using with spark-submit you would require to pass the files (jass & keytab) with --files option on spark-submit just like [1]

 

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/developing-spark-applications/content/running_...

 

While doing so, your JAAS and keytab file would be shipped to executors and Application master /Driver (incase of cluster mode)

 

If your external client is not spark and it is just a standalone java code (example) then you can just go ahead with passing "-Djava.security.auth.login.config=jaas.conf"" while executing the code and file can reside on the same client node

Thanks,
Satz
4,298 Views
0 Kudos

avatar
author-rank LSIMS
Explorer

Created ‎05-30-2025 06:07 AM

How is this configured if using a tool like Informatica DEI? Where do we configure the submission of these files and how we make sure the JAAS path to the keytab is correct?

Thank you

541 Views
0 Kudos

avatar
author-rank DianaTorres author-rank
Community Manager

Created ‎05-30-2025 09:39 AM

@LSIMS As this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post. Thanks.

Regards,

Diana Torres,
Senior Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
525 Views
0 Kudos
Announcements
Community Announcements
July 2025 Community Highlights
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
Join Us at CommunityOverCode Asia 2025: Exploring the Future...
What's New @ Cloudera
Announcing Cloudera Surveyor with Cloudera Streams Messaging...
What's New @ Cloudera
Cloudera Data Engineering Adds Suspend and Resume, Git Integ...
View More Announcements