Securing Streams Messaging Manager
As a cluster administrator, you can combine Kerberos authentication and Ranger authorization to secure the Streams Messaging Manager (SMM) web user interface (UI). After you secure the SMM web UI, the login page appears, which does not appear by default.
If you deploy SMM without security, the login page is not enabled on the SMM UI by default. When you enable Kerberos authentication, SMM uses SPNEGO to authenticate users and allows them to view or create topics within Kafka by administering Ranger Kafka Policies. For information on enabling browsers to use SPNEGO, see How to Configure Browsers for Kerberos Authentication.
After you secure SMM, anyone within the organization can login to SMM. However, if they do not have the correct policy configuration in Ranger, then they may not have the necessary privileges to perform their required tasks through SMM.
- Configure Kafka in Ranger
For more information, see Configure a resource-based service: Kafka.
- Enable Kerberos authentication for Kafka
For more information, see Enable Kerberos authentication.
- Add and configure SMM
For more information, see Creating your first Streams Messaging cluster.