All the Kafka clusters created in CDP are secure because TLS is enabled to encrypt
communications between clients and the cluster, and strong authentication is enforced,
requiring clients to authenticate either through Kerberos or LDAP.
In this example, you use LDAP authentication. LDAP authentication is not enabled by
default.
You must have connected to the Kafka host.
-
Provide the client with the
security.protocol and
sasl.mechanism information to indicate the security
protocol and authentication mechanism to use.
-
Provide the client with the
ssl.truststore.location
information which is required for the client to trust the brokers'
certificates.
All the Kafka hosts deployed by CDP have a valid truststore deployed at
/var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks.
You need to use this truststore. Later you look at how to create a truststore
from scratch.
-
Provide the client with the
sasl.jaas.config information which
is the LDAP credentials to use for authentication.
For a detailed explanation on how to configure TLS/SSL and LDAP authentication
for Kafka clients, see Configure Kafka clients.
