Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • Data Engineering Streaming 10.5
  • All Products

Table of Contents

Search

  1. Preface
  2. Introduction to Data Engineering Streaming
  3. Data Engineering Streaming Administration
  4. Sources in a Streaming Mapping
  5. Targets in a Streaming Mapping
  6. Streaming Mappings
  7. Window Transformation
  8. Appendix A: Connections
  9. Appendix B: Monitoring REST API Reference
  10. Appendix C: Sample Files

User Guide

User Guide

Back Next

Configure Java Authorization and Authentication Service (JAAS)

Configure Java Authorization and Authentication Service (JAAS)

To pass a static JAAS configuration file into the JVM using the
java.security.auth.login.config
 property at run time, perform the following tasks:

Use a Static JAAS Configuration File

  1. Ensure that you have JAAS configuration file.
    For information about creating JAAS configuration and configuring Keytab for Kafka clients, see the Apache Kafka documentation at https://kafka.apache.org/0101/documentation/#security
    For example, the JAAS configuration file can contain the following lines of configuration: 
    //Kafka Client Authentication. Used for client to kafka broker connection
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
useKeyTab=true
storeKey=true
keyTab="<path to keytab  file>/<keytab file name>"
principal="<principal name>"
client=true
};
  2. Place the JAAS config file and keytab file in the same location on all the nodes of the Hadoop cluster.
    Put the files in a location that is accessible to all nodes on the cluster, such as
    /etc
     or
    /temp
    .
    On the
    Spark Engine
     tab of the Hadoop connection properties, update the
    extraJavaOptions
     property of the executor and the driver in the
    Advanced Properties
     property. Click
    Edit
     and update the properties in the following format: 
    spark.executor.extraJavaOptions=-Djava.security.egd=file:/dev/./urandom 
-XX:MaxMetaspaceSize=256M -Djavax.security.auth.useSubjectCredsOnly=true 
-Djava.security.krb5.conf=/<path to krb5.conf file>/krb5.conf 
-Djava.security.auth.login.config=/<path to jAAS config>/<kafka_client_jaas>.config 
                                
spark.driver.cluster.mode.extraJavaOptions=-Djava.security.egd=file:/dev/./urandom 
-XX:MaxMetaspaceSize=256M -Djavax.security.auth.useSubjectCredsOnly=true 
-Djava.security.krb5.conf=/<path to krb5.conf file>/krb5.conf 
-Djava.security.auth.login.config=<path to jaas config>/<kafka_client_jaas>.config
  3. Configure the following properties in the data object read or write operation:
    • Data object read operation. Configure the
      Consumer Configuration Properties
       property in the advanced properties.
    • Data object write operation. Configure the
      Producer Configuration Properties
       property in the advanced properties.
    Specify the following value: 
    security.protocol=SASL_PLAINTEXT,sasl.kerberos.service.name=kafka,sasl.mechanism=GSSAPI

Embed the JAAS Configuration

To embed the JAAS configuration in the
sasl.jaas.config
 configuration property, perform the following tasks:
  1. On the
    Spark Engine
     tab of the Hadoop connection properties, update the
    extraJavaOptions
     property of the executor and the driver in the
    Advanced Properties
     property. Click
    Edit
     and update the properties in the following format: 
    spark.executor.extraJavaOptions=-Djava.security.egd=file:/dev/./urandom 
-XX:MaxMetaspaceSize=256M -XX:+UseG1GC -XX:MaxGCPauseMillis=500 -Djava.security.krb5.conf=<path to krb5.conf file>


spark.driver.cluster.mode.extraJavaOptions=-Djava.security.egd=file:/dev/./urandom 
-XX:MaxMetaspaceSize=256M -XX:+UseG1GC -XX:MaxGCPauseMillis=500 -Djava.security.krb5.conf=<path to krb5.conf file>
  2. Configure the following properties in the data object read or write operation:
    • Data object read operation. Configure the
      Consumer Configuration Properties
       property in the advanced properties.
    • Data object write operation. Configure the
      Producer Configuration Properties
       property in the advanced properties.
    Specify the following value: 
    security.protocol=SASL_PLAINTEXT,sasl.kerberos.service.name=kafka,sasl.mechanism=GSSAPI,sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true 
storeKey=true doNotPrompt=true serviceName="<service_name>" keyTab="<location of keytab file>" 
client=true principal="<principal_name>";
0 COMMENTS
We’d like to hear from you!