Cloudera Docs

Configuring custom Kerberos principal for Streams Replication Manager

In a Kerberos-enabled cluster, the Streams Replication Manager (SRM) service uses the streamsrepmgr principal by default. The principal can be configured in Cloudera Manager with the Kerberos Principal property.

The principal specified in the Kerberos Principal property is used by the SRM service (Driver and Service roles) when it establishes a connection with its co-located Kafka cluster. Additionally, this principal is also used for Kerberos-enabled clusters defined with a Kafka credential, but only if there is no specific JAAS configuration set for that cluster.

For example, if you have a Kerberos-enabled external Kafka cluster that you defined with a Kafka credential, but did not specify a JAAS configuration, SRM falls back to using the default JAAS configuration which contains the principal defined in the Kerberos Principal property.

  1. In Cloudera Manager select the SRM service.
  2. Go to Configuration.
  3. Find the Kerberos Principal property and enter the custom Kerberos principal.
  4. Click Save Changes.
  5. Restart the SRM service.
The custom principal used by SRM is configured.
If you use Ranger for authorization, update all resource-based services and policies that use the old principal and add the new principal. For more information on updating resource-based services and policies, see Using Ranger to Provide Authorization in CDP.