flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vijay Srinivasaraghavan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-3239) Support for Kerberos enabled Kafka 0.9.0.0
Date Thu, 28 Apr 2016 17:08:12 GMT

    [ https://issues.apache.org/jira/browse/FLINK-3239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15262538#comment-15262538
] 

Vijay Srinivasaraghavan commented on FLINK-3239:
------------------------------------------------

Thanks [~stefanobaghino] 

I believe the kafka consumer principal and keytab infomation will be supplied in the JassConfig
file for the Kafka client code to peform kerberos authentication and we need to pass only
the JAAS config file property to the kafka clients (producer/consumer). 

I am trying to understand the need for passing the keytab configuration file location (public
static final String KRB5_CONF_PATH = "krb5.conf.path") ? Could you please explain. 

KafkaClient {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    storeKey=true
    keyTab="/etc/security/keytabs/kafkaClient.keytab"
    principal="kafka-client@FOO.COM";
};

> Support for Kerberos enabled Kafka 0.9.0.0
> ------------------------------------------
>
>                 Key: FLINK-3239
>                 URL: https://issues.apache.org/jira/browse/FLINK-3239
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Niels Basjes
>            Assignee: Stefano Baghino
>         Attachments: flink3239-prototype.patch
>
>
> In Kafka 0.9.0.0 support for Kerberos has been created ( KAFKA-1686 ).
> Request: Allow Flink to forward/manage the Kerberos tickets for Kafka correctly so that
we can use Kafka in a secured environment.
> I expect the needed changes to be similar to FLINK-2977 which implements the same support
for HBase.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message