kafka-users mailing list archives

From Gerrit Jansen van Vuuren <gerrit...@gmail.com>
Subject Re: Setup Kerberos for Kafka on Ubuntu Linux
Date Fri, 30 Dec 2016 16:57:33 GMT
Also, before tinkering with Kerberos, I'd advise reading the first 4
chapters of "Kerberos: The Definitive Guide"
https://www.amazon.com/Kerberos-Definitive-Guide-Jason-Garman/dp/0596004036/ref=sr_1_1?ie=UTF8&qid=1483116842&sr=8-1&keywords=kerberos

It helped me, and after a week of reading I could get started working on
using Kerberos without getting senselessly frustrated all the time.



On Fri, Dec 30, 2016 at 5:49 PM, Gerrit Jansen van Vuuren <gerritjvv@gmail.com> wrote:

> Make sure kafka1 is the FQN and that the server kafka1 can resolve
> properly from your Kerberos server. EXAMPLE.COM should be a realm that
> is configured in krb5.conf and kdc.conf, with the adequate domain mappings
> for kafka1 to this realm.
>
> Kerberos is a pain and there is tons of stuff that can go wrong :)
>
> As part of adding Kerberos to the kafka-clj connector I've set up a Vagrant
> build that creates Kerberos and Kafka kerberised instances. This may help
> you get started if all you're looking for is testing Kafka with
> Kerberos.
>
> https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/doc/vagrant.md
>
> https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/Vagrantfile
> See https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/vagrant/scripts/kerberos.sh
> (installs Kerberos and adds principals)
>
> Note: still under development :)
>
>
> On Fri, Dec 30, 2016 at 5:19 PM, Raghav <raghavastic@gmail.com> wrote:
>
>> Hi
>>
>> I have never dabbled in Kafka with security settings. I was trying to follow
>> this blog to get it working:
>> http://kafka.apache.org/documentation.html#security_sasl
>>
>> But I can't seem to add principals for Kafka in the Kerberos server, and I am
>> getting the following error:
>>
>> dp@kdc:~$ sudo /usr/sbin/kadmin.local -q 'addprinc -randkey kafka/kafka1@example.com'
>> [sudo] password for dp:
>> Authenticating as principal root/admin@EXAMPLE.COM with password.
>> WARNING: no policy specified for kafka/kafka1@example.com; defaulting to no policy
>> add_principal: No such entry in the database while creating "kafka/kafka1@example.com".
>> dp@kdc:~$ ^C
>>
>> Can anyone share more insight into how they got a simple Kerberos server
>> to work with Kafka and were able to send one message end to end? I greatly
>> appreciate your help.
>>
>> Many thanks.
>>
>> --
>> Raghav
>>
>
>
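
The checks suggested in the reply above (fully qualified host name, a realm that is configured in krb5.conf, a domain mapping from the host to that realm) can be run before creating a principal. The following is an added example, not part of the original messages or of kafka-fast; the function names and the sample krb5.conf are constructed for illustration, and DNS resolution of the host is not checked.

```python
import re

# Constructed sample krb5.conf (not taken from the thread).
SAMPLE_KRB5 = """
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
[domain_realm]
    .example.com = EXAMPLE.COM
"""

def parse_krb5(text):
    """Return (realm names under [realms], [domain_realm] host/domain -> realm)."""
    realms, mapping, section, depth = set(), {}, None, 0
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if re.fullmatch(r"\[\w+\]", line):
            section, depth = line[1:-1], 0
        elif section == "realms":
            m = re.fullmatch(r"(\S+)\s*=\s*\{", line)
            if m and depth == 0:
                realms.add(m.group(1))
            depth += line.count("{") - line.count("}")
        elif section == "domain_realm" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            mapping[key.lower()] = value
    return realms, mapping

def check_principal(principal, krb5_text):
    """List mismatches between a service/host@REALM principal and krb5.conf."""
    m = re.fullmatch(r"[^/@]+/([^/@]+)@([^@]+)", principal)
    if not m:
        return ["principal is not of the form service/host@REALM"]
    host, realm = m.groups()
    realms, mapping = parse_krb5(krb5_text)
    findings = []
    if realm not in realms:  # realm names are case-sensitive
        near = [r for r in realms if r.lower() == realm.lower()]
        findings.append(f"realm {realm} not in [realms]"
                        + (f" (case differs from {near[0]})" if near else ""))
    if "." not in host:
        findings.append(f"host {host} is not fully qualified")
    # Exact host entry first, then the closest parent ".domain" entry.
    labels = host.lower().split(".")
    keys = [host.lower()] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    mapped = next((mapping[k] for k in keys if k in mapping), None)
    if mapped != realm:
        findings.append(f"[domain_realm] maps {host} to {mapped}, principal uses {realm}")
    return findings
```

An empty list means the principal name is consistent with the krb5.conf text that was passed in; the realm must also exist in the KDC database, which this check does not look at.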
