Hi I’d be great to document what the JAAS file may look like at: http://docs.confluent.io/3.1.2/schema-registry/docs/security.html
I need to ask for principals from my IT which takes a while, so is this a correct JAAS? KafkaClient{ com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab=“/etc/kafka/keytabs/kafka-schema-registry.keytab” principal=“kafka-schema-regis...@example.com"; } Client{ com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab=“/etc/kafka/keytabs/myzkclient.keytab” principal=“myzkcli...@example.com"; } My guess is that the Client section needs to be the exact same for schema-registry and kafka brokers because they both manipulate the same znodes? Regarding the KafkaClient, that’s where I’m a little bit lost. Schema registry will authenticate to Kafka using SASL 9095, but then does it need any ACLs or permissions? Or am I missing something? And where do I set the serviceName in the JAAS file? Thanks Stephane