[ https://issues.apache.org/jira/browse/METRON-819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15961124#comment-15961124 ]
ASF GitHub Bot commented on METRON-819: --------------------------------------- Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/507 The issues that I am having currently are with Quick Dev. But I have actually been able to do this on a separate cluster in a slightly different way. On the other cluster, I did not use the `--group` option when setting the ACL. If I did set the group, then I had to ensure that the group matched what was used by the `kafka-console-producer`. So as a test, I granted access without the `--group`. 1. Grant access. Look ma, no group. ``` [root@node1 ~]# kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=node1:2181 --add --allow-principal User:metron --topic yaf Adding ACLs for resource `Topic:yaf`: User:metron has Allow permission for operations: All from hosts: * Current ACLs for resource `Topic:yaf`: User:metron has Allow permission for operations: All from hosts: * ``` 2. Validate the ACL. Looks good this time. ``` [root@node1 ~]# kafka-acls.sh --list --topic yaf --authorizer-properties zookeeper.connect=node1:2181 --authorizer kafka.security.auth.SimpleAclAuthorizer Current ACLs for resource `Topic:yaf`: User:metron has Allow permission for operations: All from hosts: * ``` 3. And now I can send data successfully. ``` [root@node1 ~]# echo "foo" | kafka-console-producer.sh --broker-list node1:6667 --topic yaf --security-protocol SASL_PLAINTEXT [2017-04-07 17:05:28,830] WARN The TGT cannot be renewed beyond the next expiry date: Sat Apr 08 16:11:26 UTC 2017.This process will not be able to authenticate new SASL connections after that time (for example, it will not be able to authenticate a new connection with a Kafka Broker). Ask your system administrator to either increase the 'renew until' time by doing : 'modprinc -maxrenewlife null ' within kadmin, or instead, to generate a keytab for null. Because the TGT's expiry cannot be further extended by refreshing, exiting refresh thread now. (org.apache.kafka.common.security.kerberos.KerberosLogin) ``` > Document kafka console producer parameter for sensors with kerberos > ------------------------------------------------------------------- > > Key: METRON-819 > URL: https://issues.apache.org/jira/browse/METRON-819 > Project: Metron > Issue Type: Improvement > Reporter: Michael Miklavcic > Assignee: Michael Miklavcic > > Snort and Yaf use the Kafka console producer. These sensors need an > additional parameter to work with Kerberos. -- This message was sent by Atlassian JIRA (v6.3.15#6346)