Use Fastcapa in a Kerberized Environment

You can use the Fastcapa probe in a Kerberized environment.

The following task assumes that you have configured the following values. If necessary, change these values to match your environment.

The Kafka broker is at kafka1:6667.

ZooKeeper is at zookeeper1:2181.

The Kafka security protocol is SASL_PLAINTEXT.

The keytab used is located at /etc/security/keytabs/metron.headless.keytab.

The service principal is metron@EXAMPLE.COM.

  1. Build Librdkafka with SASL support (--enable-sasl):
    wget  -O - | tar -xz
    cd librdkafka-0.9.4/
    ./configure --prefix=$RDK_PREFIX --enable-sasl
    make install
  2. Verify that Librdkafka supports SASL:
    $ examples/rdkafka_example -X builtin.features
    builtin.features = gzip,snappy,ssl,sasl,regex
  3. If Librdkafka does not support SASL, install libsasl or libsasl2. Use the following command to install libsasl on your CentOS environment:
    yum install -y cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi
  4. Grant access to your Kafka topic (in this example, named pcap):
    $KAFKA_HOME/bin/ --authorizer \
      --authorizer-properties zookeeper.connect=zookeeper1:2181 \
      --add --allow-principal User:metron --topic pcap
  5. Obtain a Kerberos ticket:
    kinit -kt /etc/security/keytabs/metron.headless.keytab metron@EXAMPLE.COM
  6. Add the following additional configuration values to your Fastcapa configuration file:
    security.protocol = SASL_PLAINTEXT
    sasl.kerberos.keytab = /etc/security/keytabs/metron.headless.keytab
    sasl.kerberos.principal = metron@EXAMPLE.COM
  7. Run Fastcapa