Cloudera Docs

Configuring Kerberos properties

The SRM client’s secure storage is automatically populated with the sensitive properties needed by the srm-control tool to access clusters defined with Kafka credentials. However, if the co-located cluster uses Kerberos and was defined with a service dependency, its Kerberos properties must be configured and added to the secure storage manually.

  • Ensure that you have reviewed the information available in Configuring srm-control and understand that the following step list is only one part of the full configuration workflow. Depending on your scenario, completing other configuration tasks might be required.

  • Ensure that setup and configuration of the SRM service is complete:

    • The Kafka clusters that SRM connects to are defined and are added to the SRM service’s configuration. This includes both external and co-located clusters.

    • Replications are configured.

  1. In Cloudera Manager, go to Clusters and select the Streams Replication Manager service.
  2. Go to Configuration.
  3. Click Gateway in the Filters pane.
  4. Find and configure the following properties:
    SRM Client's Kerberos Principal Name
    The kerberos principal that the tool uses for authentication when connecting to the co-located Kafka cluster.
    SRM Client's Kerberos Keytab Location
    The path to the Kerberos keytab file that the tool uses for authentication when connecting to the co-located Kafka cluster.
  5. Click Save Changes.
  6. Re-deploy client configuration.
Continue with Setting the secure storage password as an environment variable.