Kafka Settings to Allow Impersonation using JAAS.

  • 27 January 2022
  • 0 replies
  • 8 views

Userlevel 3

We have a customer who is successfully implementing impersonation on a Kafka topic using a combination of SSL and JAAS. We need to verify these settings internally, but we can state that we know of at least one customer using impersonation successfully in a production setting using these settings:

 

These should work using either the Kafka Consumer or Kafka Multitopic Consumer:

 

Configuration Properties:

Property Value
ssl.truststore.location ${truststorelocation}
ssl.truststore.password ${truststorepassword}
sasl.kerberos.service.name kafka
sasl.mechanism GSSAPI
security.protocol SASL_SSL
auto.offset.reset earliest
sasl.jaas.config

com.sun.security.auth.module.Krb5LoginModule required

doNotPrompt="true"

useKeyTab="true"

storeKey="true"

useTicketCache="true"

servicename="kafka"

renewTicket="true"

keyTab=${keytab}

principal=${principal}

client="true";


0 replies

Be the first to reply!

Reply