Support Questions

RichardK1967 · ‎08-24-2017

I'm using Cloudera enterprise and Kafka 0.10.x.

To secure Kafka I've enabled Kerberos and configured Kafka to use the SimpleACLAuthorizer which stores ACLs in ZooKeeper. Instead of using this I'd like to check Active Directory instead to determine topic authorization. I can't seem to find an implementation. Does one exist?

pdvorak · ‎09-08-2017

Your best bet would to use sentry to provide the authorization with kerberos and AD. You can use sssd on the linux nodes to make the AD users and groups available to kafka:

https://www.cloudera.com/documentation/enterprise/latest/topics/sg_auth_overview.html

https://www.cloudera.com/documentation/kafka/latest/topics/kafka_security.html

-pd

View solution in original post

pdvorak · ‎09-08-2017

Your best bet would to use sentry to provide the authorization with kerberos and AD. You can use sssd on the linux nodes to make the AD users and groups available to kafka:

https://www.cloudera.com/documentation/enterprise/latest/topics/sg_auth_overview.html

https://www.cloudera.com/documentation/kafka/latest/topics/kafka_security.html

-pd

Cloudera Community

Support Questions

Kafka ACL authorizer for Active Directory