Hi

It’d be great to document what the JAAS file may look like at:
http://docs.confluent.io/3.1.2/schema-registry/docs/security.html

I need to ask for principals from my IT which takes a while, so is this a
correct JAAS?

KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/etc/kafka/keytabs/kafka-schema-registry.keytab"
principal="kafka-schema-regis...@example.com";
};

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/etc/kafka/keytabs/myzkclient.keytab"
principal="myzkcli...@example.com";
};

My guess is that the Client section needs to be the exact same for
schema-registry and kafka brokers because they both manipulate the same
znodes?

Regarding the KafkaClient, that’s where I’m a little bit lost. Schema
registry will authenticate to Kafka using SASL 9095, but then does it need
any ACLs or permissions? Or am I missing something?
And where do I set the serviceName in the JAAS file?

Thanks
Stephane
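
Added example, not part of the original message or of the Confluent documentation: a small syntax check for a JAAS file shaped like the one above, useful for catching quoting and terminator mistakes before a keytab is ever issued. The function name lint_jaas, the sample text and the placeholder principals are constructed for illustration; the checks follow the standard JAAS login configuration syntax.

```python
import re

# Constructed sample with the same shape as the JAAS in the post. Principals are
# placeholders. The Client section deliberately has curly quotes and no '};'.
SAMPLE = '''
KafkaClient {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  storeKey=true
  keyTab="/etc/kafka/keytabs/kafka-schema-registry.keytab"
  principal="PLACEHOLDER_PRINCIPAL@EXAMPLE.COM";
};
Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab=“/etc/kafka/keytabs/myzkclient.keytab”
  principal="PLACEHOLDER_ZK_PRINCIPAL@EXAMPLE.COM";
}
'''

SECTION = re.compile(r'(\w+)\s*\{(.*?)\}(\s*;)?', re.S)
OPTION = re.compile(r'(\w+)\s*=\s*("[^"]*"|\S+)')

def lint_jaas(text, required=("KafkaClient", "Client")):
    """Return a list of (section, problem) tuples for a JAAS login config."""
    problems = []
    # Mail clients and word processors often turn " into typographic quotes.
    if re.search('[\u201c\u201d]', text):
        problems.append(("*", "typographic quotes; use ASCII double quotes"))
    seen = {}
    for name, body, term in SECTION.findall(text):
        seen[name] = body
        if not term:
            problems.append((name, "section must end with '};'"))
        if not body.rstrip().endswith(";"):
            problems.append((name, "login module entry must end with ';'"))
        opts = {k: v.strip('";') for k, v in OPTION.findall(body)}
        # A keytab login needs both the keytab path and the principal to use.
        if "Krb5LoginModule" in body and opts.get("useKeyTab") == "true":
            for key in ("keyTab", "principal"):
                if key not in opts:
                    problems.append((name, f"useKeyTab=true but no {key}"))
    for name in required:
        if name not in seen:
            problems.append((name, "section missing"))
    return problems
```
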
