kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raghav <raghavas...@gmail.com>
Subject Re: Setup Kerberos for Kafka on Ubuntu Linux
Date Fri, 30 Dec 2016 17:26:52 GMT
Thanks Gerrit, let me try the pointers you mentioned above. Thanks a lot
for your help.

On Fri, Dec 30, 2016 at 8:57 AM, Gerrit Jansen van Vuuren <
gerritjvv@gmail.com> wrote:

> also, before tinkering with Kerberos, I'd advise to read the first 4
> chapters of "Kerberos: The Definite Guide"
> https://www.amazon.com/Kerberos-Definitive-Guide-
> Jason-Garman/dp/0596004036/ref=sr_1_1?ie=UTF8&qid=
> 1483116842&sr=8-1&keywords=kerberos
>
> It helped me and after a week of reading I could get started working on
> using kerberos without getting senselessly frustrated all the time.
>
>
>
> On Fri, Dec 30, 2016 at 5:49 PM, Gerrit Jansen van Vuuren <
> gerritjvv@gmail.com> wrote:
>
> > make sure kafka1 is the FQN and that the server kafka1 can resolve
> > properly from you're kerberos server, EXAMPLE.COM should be a realm that
> > is configured in krb5.conf and kdc.conf, with the adequate domain
> mappings
> > for kafka1 to this realm.
> >
> > Kerberos is a pain and there are tons of stuff that can go wrong :)
> >
> > As part of adding kerberos to the kafka-clj connector I've setup a
> Vagrant
> > build that creates kerberos and kafka kerberised instances, this may help
> > you getting started if all you're looking for is testing kafka with
> > kerberos.
> >
> > https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-
> > clj/doc/vagrant.md
> >
> > https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-
> > clj/Vagrantfile
> > See https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-
> > clj/vagrant/scripts/kerberos.sh (installs kerberos and adds principles)
> >
> > note: still under development :)
> >
> >
> > On Fri, Dec 30, 2016 at 5:19 PM, Raghav <raghavastic@gmail.com> wrote:
> >
> >> Hi
> >>
> >> I have never dabbled Kafka with security settings. I was trying to
> follow
> >> this blog to get it working:
> >> http://kafka.apache.org/documentation.html#security_sasl
> >>
> >> But I can't seem to add principals for Kafka in Kerberos server, and I
> am
> >> getting the following error:
> >>
> >> dp@kdc:~$ sudo /usr/sbin/kadmin.local -q 'addprinc -randkey kafka/
> >> kafka1@example.com'
> >> [sudo] password for dp:
> >> Authenticating as principal root/admin@EXAMPLE.COM with password.
> >> WARNING: no policy specified for kafka/kafka1@example.com; defaulting
> to
> >> no
> >> policy
> >> add_principal: No such entry in the database while creating "kafka/
> >> kafka1@example.com".
> >> dp@kdc:~$ ^C
> >>
> >> Can anyone share more insight into how they got a simple Kerberos server
> >> to
> >> work with Kafka, and able to send one message end to end. I greatly
> >> appreciate your help.
> >>
> >> Many thanks.
> >>
> >> --
> >> Raghav
> >>
> >
> >
>



-- 
Raghav

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message