Support Questions
Find answers, ask questions, and share your expertise

Kafka ACL authorizer for Active Directory

I'm using Cloudera enterprise and Kafka 0.10.x.

 

To secure Kafka I've enabled Kerberos and configured Kafka to use the SimpleACLAuthorizer which stores ACLs in ZooKeeper.  Instead of using this I'd like to check Active Directory instead to determine topic authorization.  I can't seem to find an implementation.  Does one exist?

 

1 ACCEPTED SOLUTION

Accepted Solutions

Super Collaborator
Your best bet would to use sentry to provide the authorization with kerberos and AD. You can use sssd on the linux nodes to make the AD users and groups available to kafka:

https://www.cloudera.com/documentation/enterprise/latest/topics/sg_auth_overview.html

https://www.cloudera.com/documentation/kafka/latest/topics/kafka_security.html

-pd

View solution in original post

1 REPLY 1

Super Collaborator
Your best bet would to use sentry to provide the authorization with kerberos and AD. You can use sssd on the linux nodes to make the AD users and groups available to kafka:

https://www.cloudera.com/documentation/enterprise/latest/topics/sg_auth_overview.html

https://www.cloudera.com/documentation/kafka/latest/topics/kafka_security.html

-pd

View solution in original post