Connecting to Kafka by using Kerberos authentication

Create a dedicated keystore and truststore, and pass the properties for Kerberos authentication.

Procedure

  1. Create and configure a dedicated keystore and truststore to hold the key and certificates that are required to establish the SSL connection.

    Details of the procedure are provided in Generating a keystore and truststore for the BPMN event emitter.

  2. Add the following properties to the .properties file that is passed to the EnableBAI.py configuration script.
    keytab
        The full path to the Kerberos keytab file.
    krb5Principal
        The Kerberos principal, for example user/host@MYREALM.
    realm
        The Kerberos realm.
    kdc
        The host of the Kerberos Key Distribution Center (KDC).
    kerberosServiceName
        The name of the Kerberos service used by Kafka. This name must match the principal name of the Kafka brokers.

Example

type=kerberos

# Kerberos
keytab=<full path to kerberos keytab file>
krb5Principal=<kerberos principal>
realm=<kerberos REALM>
kdc=<kerberos Key Distribution Center host>
kerberosServiceName=<kerberos service name used by Kafka>
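
A pre-flight check for the properties listed above, as an added example that is not part of the product documentation or of EnableBAI.py: it parses the .properties text and reports missing or placeholder values, a principal whose realm disagrees with the realm property, and a keytab that is not a full path or is accessible to group or others. The function names, the standalone Python 3 runtime, and the owner-only permission check (POSIX hosts) are assumptions of this example.

```python
import os
import stat

REQUIRED = ("keytab", "krb5Principal", "realm", "kdc", "kerberosServiceName")


def parse_properties(text):
    """Parse simple key=value lines; '#' comments and blank lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_kerberos_properties(props):
    """Return a list of problems found; an empty list means the checks passed."""
    problems = []
    if props.get("type") != "kerberos":
        problems.append("type is not 'kerberos'")
    for key in REQUIRED:
        value = props.get(key, "")
        if not value or (value.startswith("<") and value.endswith(">")):
            problems.append(f"{key} is missing or still a placeholder")
    if problems:
        return problems

    # The realm part of the principal must agree with the realm property.
    _, sep, principal_realm = props["krb5Principal"].rpartition("@")
    if not sep or principal_realm != props["realm"]:
        problems.append("krb5Principal realm does not match realm")

    # The page asks for the full path. The keytab holds long-term keys, so
    # this example (assumption, POSIX only) expects owner-only permissions.
    keytab = props["keytab"]
    if not os.path.isabs(keytab):
        problems.append("keytab is not a full path")
    elif not os.path.isfile(keytab):
        problems.append("keytab file not found")
    elif stat.S_IMODE(os.stat(keytab).st_mode) & 0o077:
        problems.append("keytab is accessible to group or others")
    return problems
```

Run it against the file before passing that file to the configuration script; an empty list means every check passed.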