greyp9 commented on code in PR #9607:
URL: https://github.com/apache/nifi/pull/9607#discussion_r1901150992
##########
nifi-extension-bundles/nifi-kafka-bundle/nifi-kafka-3-service/src/main/java/org/apache/nifi/kafka/service/Kafka3ConnectionService.java:
##########
@@ -146,6 +149,22 @@ public class Kafka3ConnectionService extends
AbstractControllerService implement
)
.build();
+ public static final PropertyDescriptor KERBEROS_CREDENTIALS_SERVICE = new
PropertyDescriptor.Builder()
+ .name("kerberos-credentials-service")
+ .displayName("Kerberos Credentials Service")
+ .description("Service supporting generalized credentials
authentication with Kerberos")
+ .identifiesControllerService(KerberosUserService.class)
+ .required(false)
+ .build();
Review Comment:
Thanks for confirming. All this lines up perfectly with my observations. I
didn't try `KERBEROS_CREDENTIALS_SERVICE`; I'll remove it. I was able to get
things working with `KERBEROS_USER_SERVICE`, which referenced
`SelfContainedKerberosUserService`, by adding the custom property
`sasl.jaas.config` as described in this Confluent documentation:
https://docs.confluent.io/platform/7.3/kafka/authentication_sasl/authentication_sasl_gssapi.html#kafka-sasl-auth-gssapi
Also assuming that `KERBEROS_SERVICE_NAME` is needed, as it would seem that
NiFi would need a means to convey which service it wants to authenticate to.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
