Learn how to set up Kerberos authentication for SRM.
Configuring authentication with Kerberos for SRM can be achieved by adding the
appropriate configuration properties to your srm.properties
configuration file.
-
Specify the security protocols:
security.protocol = SASL_PLAINTEXT
-
Specify the authentication mechanism:
-
Specify the service name:
sasl.kerberos.service.name = kafka
-
Configure the JAAS.
You have two options when configuring the JAAS:
-
Embed it in the
srm.properties
file with the
sasl.jaas.config
property:
sasl.jaas.config = \
com.sun.security.auth.module.Krb5LoginModule required \
useKeyTab=true \
keyTab="path/to/keytab file" \
storeKey=true \
useTicketCache=false \
principal="streamsrepmgr@STREAMANALYTICS.COM";
-
Create a JAAS configuration file containing the properties and pass its
location with the
SRM_KERBEROS_OPTS
environment
variable:
export SRM_KERBEROS_OPTS="-Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=/opt/streams-replication-manager/conf/srm-jaas.conf"
For convenience, this and other environment variables can be added to
/opt/streams-replication-manager/config/srm-env.sh
.