PowerExchange for Kafka User Guide for PowerCenter

PowerExchange for Kafka User Guide for PowerCenter

Configuring the krb5.conf file to Read Data from or Write to a Kerberised Kafka Cluster (Optional)

Configuring the krb5.conf file to Read Data from or Write to a Kerberised Kafka Cluster (Optional)

To read from or write to a Kerberised Kafka cluster, configure the default realm, KDC, and Kafka source or target session properties.
Before you read from or write to a Kerberized Kafka cluster, perform the following tasks:
  1. Ensure that you have the
    krb5.conf
    file for the Kerberised Kafka cluster.
  2. Configure the default realm and KDC. If the default
    /etc/krb5.conf
    file is not configured or you want to change the configuration, add the following lines to the
    /etc/krb5.conf
    file:
    [libdefaults] default_realm = <REALM NAME> dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] <REALM NAME> = { kdc = <Location where KDC is installed> admin_server = <Location where KDC is installed> } [domain_realm] .<domain name or hostname> = <KERBEROS DOMAIN NAME> <domain name or hostname> = <KERBEROS DOMAIN NAME>
  3. To pass a static JAAS configuration file into the JVM using the
    java.security.auth.login.config
    property at runtime, perform the following tasks:
    1. Ensure that you have JAAS configuration file.
      For information about creating JAAS configuration and configuring Keytab for Kafka clients, see the Apache Kafka documentation at https://kafka.apache.org/0101/documentation/#security
      For example, the JAAS configuration file can contain the following lines of configuration:
      //Kafka Client Authentication. Used for client to kafka broker connection KafkaClient { com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=true useKeyTab=true storeKey=true keyTab="<path to Kafka keytab file>/<Kafka keytab file name>" principal="<principal name>" client=true };
    2. Place the JAAS config file and keytab file in the same location on all the nodes.
      Informatica recommends that you place the files in a location that is accessible to all the nodes in the cluster. Example:
      /etc
      or
      /temp
    3. Configure the following properties:
      Kafka connection
      Configure the
      Kerberos Configuration Properties
      property in a Kafka connection and specify the value in the following format:
      security.protocol=SASL_PLAINTEXT,sasl.kerberos.service.name=kafka,sasl.mechanism=GSSAPI
      Sources
      Configure the
      Consumer Configuration Properties
      property in the source session properties to override the value specified in the
      Kerberos Configuration Properties
      property in a Kafka connection. Specify the value in the following format:
      security.protocol=SASL_PLAINTEXT,sasl.kerberos.service.name=kafka,sasl.mechanism=GSSAPI
      Targets
      Configure the
      Producer Configuration Properties
      property in the target session properties to override the value specified in the
      Kerberos Configuration Properties
      property in a Kafka connection. Specify the value in the following format:
      security.protocol=SASL_PLAINTEXT,sasl.kerberos.service.name=kafka,sasl.mechanism=GSSAPI
  4. To embed the JAAS configuration in the
    sasl.jaas.config
    configuration property, configure the following properties:
    Kafka connection
    Configure the
    Kerberos Configuration Properties
    property in a Kafka connection and specify the value in the following format:
    security.protocol=SASL_PLAINTEXT,sasl.kerberos.service.name=kafka,sasl.mechanism=GSSAPI,
    sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true doNotPrompt=true serviceName="<service_name>" keyTab="<location of keytab file>" client=true principal="<principal_name>";
    Sources
    Configure the
    Consumer Configuration Properties
    property in the source session properties to override the value specified in the
    Kerberos Configuration Properties
    property in a Kafka connection. Specify the value in the following format:
    security.protocol=SASL_PLAINTEXT,sasl.kerberos.service.name=kafka,sasl.mechanism=GSSAPI,
    sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true doNotPrompt=true serviceName="<service_name>" keyTab="<location of keytab file>" client=true principal="<principal_name>";
    Targets
    Configure the
    Producer Configuration Properties
    property in the target session properties to override the value specified in the
    Kerberos Configuration Properties
    property in a Kafka connection. Specify the value in the following format:
    security.protocol=SASL_PLAINTEXT,sasl.kerberos.service.name=kafka,sasl.mechanism=GSSAPI,
    sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true doNotPrompt=true serviceName="<service_name>" keyTab="<location of keytab file>" client=true principal="<principal_name>";

0 COMMENTS

We’d like to hear from you!