Kerberos-based Security
Scenarios
Flink Kerberos configuration items must be configured in security mode.
Configuration Description
The configuration items include keytab, principal, and cookie of Kerberos.
For versions earlier than MRS 3.x, the configuration item does not contain cookie.
| Parameter | Description | Default Value | Mandatory |
|---|---|---|---|
| security.kerberos.login.keytab | Keytab file path. This parameter is a client parameter. | Configure the parameter based on actual service requirements. | Yes |
| security.kerberos.login.principal | A parameter on the client. If security.kerberos.login.keytab and security.kerberos.login.principal are both set, keytab certificate is used by default. | Configure the parameter based on actual service requirements. | No |
| security.kerberos.login.contexts | Contexts of the jass file generated by Flink. This parameter is a server parameter. | Client, KafkaClient | Yes |
| security.enable | Certificate enabling switch of the Flink internal module. This parameter is a client parameter. | This parameter is configured automatically according to the cluster installation mode.
| Yes |
| security.cookie | Module certificate token. This parameter is a client parameter. It must be configured and cannot be left empty when security.enable is enabled. | Configure the parameter based on actual service requirements. | Yes |
For versions earlier than MRS 3.x, the configuration parameters do not include security.enable and security.cookie.
Last Article: State Backend
Next Article: HA
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.