Support Questions

Find answers, ask questions, and share your expertise

Does Jaas.conf file needs to be in local path of a client for kafka producer?

avatar
New Contributor

Hi! 

I need to configure an external client for kafka, using keytab.

At the moment, there is an existing external client which authenticate in kafka using this command -Djava.security.auth.login.config=jaas.conf" in a spark-submit.

This jaas.conf file is on a local path of the client, thus leaving me confused.

The content of this jaas.conf file is just like this (with imaginary names):

 

KafkaClient {

com.sun.security.auth.module.Krb5LoginModule required

useKeyTab=true

keyTab="/etc/security/keytabs/storm.service.keytab"

storeKey=true

useTicketCache=false

serviceName="kafka"

principal="storm@EXAMPLE.COM"; }; 

 

Is it this deployment right? If yes, how should I configure another client? 

 

3 REPLIES 3

avatar
Expert Contributor

Hello @zanteb ,

 

Thank you for posting your query.

 

While you are using with spark-submit you would require to pass the files (jass & keytab) with --files option on spark-submit just like [1]

 

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/developing-spark-applications/content/running_...

 

While doing so, your JAAS and keytab file would be shipped to executors and Application master /Driver (incase of cluster mode)

 

If your external client is not spark and it is just a standalone java code (example) then you can just go ahead with passing "-Djava.security.auth.login.config=jaas.conf"" while executing the code and file can reside on the same client node

Thanks,
Satz

avatar
Explorer

How is this configured if using a tool like Informatica DEI? Where do we configure the submission of these files and how we make sure the JAAS path to the keytab is correct?

Thank you

avatar
Community Manager

@LSIMS As this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post. Thanks.


Regards,

Diana Torres,
Senior Community Moderator


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community: