Connecting to Kafka by using Kerberos authentication
Add security protocol and Kerberos service properties to the Case event emitter JSON file.
Procedure
Add the following properties to the output section of the
CaseEventEmitter.json file that is passed to the
EnableCaseBAI.py configuration script.
- security.protocol
  - The value is SASL_PLAINTEXT.
- sasl.jaas.config
  - The template is com.ibm.security.auth.module.Krb5LoginModule required useKeytab=\"file:///path to the keytab file\" credsType=both principal=\"kafka/kafka server name@REALM\";.
  - The useKeytab value is the full path to the Kerberos keytab file.
  - The principal value is the Kerberos principal, for example user/host@REALM. Here, host is the host of the Key Distribution Center (KDC) and REALM is the Kerberos realm.
- sasl.kerberos.service.name
  - The name of the Kerberos service used by Kafka. This name must match the principal name of the Kafka brokers.
Example
"output" : {
    "default" : {
        "enable" : true,
        "type" : "kafka",
        "topic" : "ibm-bai-ingress",
        "bootstrap.servers" : "kafka bootstrap server : port",
        "security.protocol" : "SASL_PLAINTEXT",
        "sasl.kerberos.service.name" : "kafka",
        "sasl.jaas.config" : "com.ibm.security.auth.module.Krb5LoginModule required useKeytab=\"file:////opt/krb5.keytab\" credsType=both principal=\"kafka/server1@MYREALM\";"
    }
}
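
The following pre-flight check is an added example, not part of the product or of EnableCaseBAI.py. It parses the output definition above and reports the mistakes this procedure makes easy: a missing property, template text left in sasl.jaas.config, or a service name that differs from the broker principal. The names check_output, jaas_options and the broker_principal argument are assumptions made for this example.

```python
import json
import re

# Constructed sample: the "default" output from the Example section, as a JSON string.
SAMPLE = r'''{"output": {"default": {
  "enable": true, "type": "kafka", "topic": "ibm-bai-ingress",
  "bootstrap.servers": "kafka bootstrap server : port",
  "security.protocol": "SASL_PLAINTEXT",
  "sasl.kerberos.service.name": "kafka",
  "sasl.jaas.config": "com.ibm.security.auth.module.Krb5LoginModule required useKeytab=\"file:////opt/krb5.keytab\" credsType=both principal=\"kafka/server1@MYREALM\";"
}}}'''
CFG = json.loads(SAMPLE)["output"]["default"]

REQUIRED = ("security.protocol", "sasl.jaas.config", "sasl.kerberos.service.name")
OPTION = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s;]+))')          # key="quoted" or key=bare
PRINCIPAL = re.compile(r'^([^/@\s]+)(?:/[^/@\s]+)?@[^/@\s]+$')  # primary[/instance]@REALM

def jaas_options(entry):
    """Return the key=value options of a single-module JAAS entry."""
    entry = entry.strip()
    if not entry.endswith(";"):
        raise ValueError("JAAS entry must end with ';'")
    _module, _flag, rest = entry[:-1].split(None, 2)  # ValueError if options are absent
    return {m[1]: m[2] if m[2] is not None else m[3] for m in OPTION.finditer(rest)}

def check_output(cfg, broker_principal=None):
    """Return a list of problems found in one emitter output definition."""
    problems = [f"missing {k}" for k in REQUIRED if not cfg.get(k)]
    if problems:
        return problems
    # SASL_PLAINTEXT: Kerberos authenticates the client; the connection is not TLS-encrypted.
    if cfg["security.protocol"] != "SASL_PLAINTEXT":
        problems.append("security.protocol is not SASL_PLAINTEXT")
    try:
        opts = jaas_options(cfg["sasl.jaas.config"])
    except ValueError as err:
        return problems + [f"sasl.jaas.config: {err}"]
    keytab = opts.get("useKeytab", "")
    path = keytab[len("file://"):]
    if not keytab.startswith("file:///") or re.search(r"\s", path):
        problems.append("useKeytab is not a file:// URL with a full path (template text left in?)")
    if not PRINCIPAL.match(opts.get("principal", "")):
        problems.append("principal is not of the form primary[/instance]@REALM")
    if broker_principal:  # assumption: the broker principal is known out of band
        primary = PRINCIPAL.match(broker_principal)
        if not primary or primary[1] != cfg["sasl.kerberos.service.name"]:
            problems.append("sasl.kerberos.service.name does not match the broker principal")
    return problems
```

The whitespace test on the keytab path is a heuristic for unfilled template text, so a keytab path that legitimately contains a space is also reported.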