Support Questions

Find answers, ask questions, and share your expertise

Kafka ACL authorizer for Active Directory

avatar

I'm using Cloudera enterprise and Kafka 0.10.x.

 

To secure Kafka I've enabled Kerberos and configured Kafka to use the SimpleACLAuthorizer which stores ACLs in ZooKeeper.  Instead of using this I'd like to check Active Directory instead to determine topic authorization.  I can't seem to find an implementation.  Does one exist?

 

1 ACCEPTED SOLUTION

avatar
Your best bet would to use sentry to provide the authorization with kerberos and AD. You can use sssd on the linux nodes to make the AD users and groups available to kafka:

https://www.cloudera.com/documentation/enterprise/latest/topics/sg_auth_overview.html

https://www.cloudera.com/documentation/kafka/latest/topics/kafka_security.html

-pd

View solution in original post

1 REPLY 1

avatar
Your best bet would to use sentry to provide the authorization with kerberos and AD. You can use sssd on the linux nodes to make the AD users and groups available to kafka:

https://www.cloudera.com/documentation/enterprise/latest/topics/sg_auth_overview.html

https://www.cloudera.com/documentation/kafka/latest/topics/kafka_security.html

-pd