Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

Kafka ACL authorizer for Active Directory

I'm using Cloudera enterprise and Kafka 0.10.x.

 

To secure Kafka I've enabled Kerberos and configured Kafka to use the SimpleACLAuthorizer which stores ACLs in ZooKeeper.  Instead of using this I'd like to check Active Directory instead to determine topic authorization.  I can't seem to find an implementation.  Does one exist?

 

1 ACCEPTED SOLUTION

Super Collaborator
Your best bet would to use sentry to provide the authorization with kerberos and AD. You can use sssd on the linux nodes to make the AD users and groups available to kafka:

https://www.cloudera.com/documentation/enterprise/latest/topics/sg_auth_overview.html

https://www.cloudera.com/documentation/kafka/latest/topics/kafka_security.html

-pd

View solution in original post

1 REPLY 1

Super Collaborator
Your best bet would to use sentry to provide the authorization with kerberos and AD. You can use sssd on the linux nodes to make the AD users and groups available to kafka:

https://www.cloudera.com/documentation/enterprise/latest/topics/sg_auth_overview.html

https://www.cloudera.com/documentation/kafka/latest/topics/kafka_security.html

-pd