SASL Kerberos Authentication
In a cluster with the security mode enabled, the components must be mutually authenticated before communicating with each other to ensure communication security. The Kafka, ZooKeeper, and Kerberos security authentications are required for Kafka application development. However, you only need to generate one JAAS file and configure related environment variables accordingly. LoginUtil related APIs can be used to complete these configurations.
Sample Code
The code snippets are contained in the LoginUtil class of the com.huawei.bigdata.kafka.example.security package.
/**
* keytab file name of the machine-machine account that the user applies for
*/
private static final String USER_KEYTAB_FILE = "Keytab file name of the machine-machine account that the user applies for, for example, user.keytab";
/**
* Machine-machine account that the user applies for
*/
private static final String USER_PRINCIPAL = "Machine-machine account that the user applies for";
public static void securityPrepare() throws IOException
{
String filePath = System.getProperty("user.dir") + File.separator + "src" + File.separator + "main" + File.separator + "resources" + File.separator;
String krbFile = filePath + "krb5.conf";
String userKeyTableFile = filePath + USER_KEYTAB_FILE;
//Replace separators in the Windows path.
userKeyTableFile = userKeyTableFile.replace("\\", "\\\\");
krbFile = krbFile.replace("\\", "\\\\");
LoginUtil.setKrb5Config(krbFile);
LoginUtil.setZookeeperServerPrincipal("zookeeper/hadoop.<System domain name>");
LoginUtil.setJaasFile(USER_PRINCIPAL, userKeyTableFile);
}
Log in to FusionInsight Manager, choose System > Permission > Domain and Mutual Trust, and check the value of Local Domain, which is the current system domain name.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
