[jira] [Commented] (RANGER-1847) Ranger Kafka Plugin sasl.enabled.mechanisms=PLAIN

Sat, 21 Oct 2017 22:53:17 -0700 

    [ 
https://issues.apache.org/jira/browse/RANGER-1847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16214198#comment-16214198
 ] 

Ronald van de Kuil commented on RANGER-1847:
--------------------------------------------

Hello Don,

Thank you for explaining how it is intended to work. I will close this issue.

Concerning the overall setup I have the following JAAS file for the Kafka 
Server:

KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="kafka"
   password="passw0rd"
   user_kafka="passw0rd"
   user_producer="passw0rd"
   user_consumer="passw0rd";
};

Client {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="zookeeper"
   password="passw0rd";
};

It can be added to the JVM as follows:

export 
KAFKA_OPTS="-Djava.security.auth.login.config=/usr/local/kafka/etc/kafka_server_jaas.conf"

The Kafka Server authenticates the user against the users. 

Also, it authorizes access tot the topic against the policy. - that I did test.

With some fiddling around I should be able to get it to work if I go for Solr.

Even though the authentication and the authorisation works, this might not be 
as intended as you explained. 

Would it still make sense to discuss it in the user mailing list?

> Ranger Kafka Plugin sasl.enabled.mechanisms=PLAIN
> -------------------------------------------------
>
>                 Key: RANGER-1847
>                 URL: https://issues.apache.org/jira/browse/RANGER-1847
>             Project: Ranger
>          Issue Type: Test
>          Components: plugins
>    Affects Versions: 0.6.3, 0.7.1
>         Environment: ubuntu stand-alone hobby environment
>            Reporter: Ronald van de Kuil
>            Priority: Minor
>
> I am such a NOOB hobby-ing away. And I like it. ;)
> I figured I would give it a try to setup Kafka to use the 
> sasl.enabled.mechanisms of type PLAIN with ranger to do the authorisation and 
> the auditing (instead of GSSAPI).
> I got it to work pretty far. KafkaServer gets into state SaslAuthenticated 
> with Zookeeper. 
> Next it loads the ranger kafka plugin. Then the RangerKafkaAuthorizer 
> complains about Kerberos. 
> I then updated the CLASSPATH and it complains about something else.
> I am not sure how to classify this issue. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to