Create a dedicated keystore and truststore, and pass the properties for Kerberos
authentication.
Procedure
- Create and configure a dedicated keystore and truststore to hold the key and certificates that
are required to establish the SSL connection.
Details of the procedure are provided in Generating a keystore and truststore for the BPMN event emitter.
- Add the following properties to the .properties file that is passed to the
EnableBAI.py configuration script.
- keytab
- The full path to the Kerberos keytab file.
- krb5Principal
- The Kerberos principal, for example user/host@MYREALM.
- realm
- The Kerberos REALM.
- kdc
- The host of the center for key distribution.
- kerberosServiceName
- The name of the Kerberos service used by Kafka. This name must match the principal name of the
Kafka brokers.
Example
type=kerberos
# Kerberos
keytab=<full path to kerberos keytab file>
krb5Principal=<kerberos principal>
realm=<kerberos REALM>
kdc=<kerberos Key Distribution Center host>
kerberosServiceName=<kerberos service name used by Kafka>