Configuring authentication with Kerberos and encryption with SSL

Learn how to set up Kerberos authentication and SSL encryption for SRM.

Configuring Kerberos authentication and SSL encryption for SRM can be achieved by adding the appropriate configuration properties to your srm.properties configuration file.

Specify the security protocols:
```
security.protocol = SASL_SSL
```

Specify truststore information:

ssl.truststore.location = /var/private/ssl/kafka.client.truststore.jks
ssl.truststore.password = test1234

Specify the authentication mechanism:
```
sasl.mechanism = GSSAPI
```
Specify the service name:
```
sasl.kerberos.service.name = kafka
```
Configure the JAAS.
You have two options when configuring the JAAS:
1. Embed it in the srm.properties file with the sasl.jaas.config property:
```
sasl.jaas.config = \
 com.sun.security.auth.module.Krb5LoginModule required \ 
     useKeyTab=true \
     keyTab="path/to/keytab file" \
     storeKey=true \
     useTicketCache=false \
     principal="streamsrepmgr@STREAMANALYTICS.COM";
```
2. Create a JAAS configuration file containing the properties and pass its location with the SRM_KERBEROS_OPTS environment variable:
```
export SRM_KERBEROS_OPTS="-Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=/opt/streams-replication-manager/conf/srm-jaas.conf"
```
  For convenience, this and other environment variables can be added to /opt/streams-replication-manager/config/srm-env.sh.