Connecting to Kafka by using Kerberos authentication

Add security protocol and Kerberos service properties to the Case event emitter JSON file.

Procedure

Add the following properties to the output section of the CaseEventEmitter.json file that is passed to the EnableCaseBAI.py configuration script.
security.protocol
The value is SASL_PLAINTEXT.
sasl.jaas.config
The template is com.ibm.security.auth.module.Krb5LoginModule required useKeytab=\"file:///path to the keytab file\" credsType=both principal=\"kafka/kafka server name@REALM\";.
  1. The useKeytab value is the full path to the Kerberos keytab file.
  2. The principal value is the Kerberos principal, for example user/host@REALM. Here, host is the host of the center for key distribution and REALM is the Kerberos REALM.
sasl.kerberos.service.name
The name of the Kerberos service used by Kafka. This name must match the principal name of the Kafka brokers.

Example

"output" : {
    "default" : {
       "enable" : true,        
       "type" : "kafka",
"topic" : "ibm-bai-ingress",
       "bootstrap.servers" : "kafka bootstrap server : port",
       "security.protocol" : "SASL_PLAINTEXT",
       "sasl.kerberos.service.name" : "kafka",
       "sasl.jaas.config" : "com.ibm.security.auth.module.Krb5LoginModule required useKeytab=\"file:////opt/krb5.keytab\" credsType=both principal=\"kafka/server1@MYREALM\";"
    }
  }
Parent topic: Securing Case emitter communications to Kafka