Configuring authentication with Kerberos and encryption with SSL

Learn how to set up Kerberos authentication and SSL encryption for SRM.

Configuring Kerberos authentication and SSL encryption for SRM can be achieved by adding the appropriate configuration properties to your configuration file.

  1. Specify the security protocols:
    security.protocol = SASL_SSL
  2. Specify truststore information:
    ssl.truststore.location = /var/private/ssl/kafka.client.truststore.jks
    ssl.truststore.password = test1234
  3. Specify the authentication mechanism:
    sasl.mechanism = GSSAPI
  4. Specify the service name: = kafka
  5. Configure the JAAS.
    You have two options when configuring the JAAS:
    1. Embed it in the file with the sasl.jaas.config property:
      sasl.jaas.config = \ required \ 
           useKeyTab=true \
           keyTab="path/to/keytab file" \
           storeKey=true \
           useTicketCache=false \
    2. Create a JAAS configuration file containing the properties and pass its location with the SRM_KERBEROS_OPTS environment variable:
      export SRM_KERBEROS_OPTS=""

      For convenience, this and other environment variables can be added to /opt/streams-replication-manager/config/