majority of commercial entities (banks/financial-houses) pass this to a CA (certifying authority) who will be responsible for generating X509 certificates generating private key generating public key generating username (aka alias) generating password
this depends on what type of PKI your client wants to setup at the very least you need to identify target env: which browser? which mobile device? also you will need to be aware of selected provider capabilities algorithms supported within provider also are you using Zookeeper? in which case will you be implementing either Kerberos5 OR MD5 implementing DIGEST-MD5 in ZK you will need to properly configure java.security as follows: MG>$JRE_HOME/lib/security/java.security entries verification : > MG>can you verify > Context.SECURITY_AUTHENTICATION="DIGEST-MD5" ? MG>can you verify authentication Principal is set to EITHER u as in > Context.SECURITY_PRINCIPAL="u: cuser" > MG>OR authentication Principal is set to DistinguishedName > Context.SECURITY_PRINCIPAL="dn: cn=C. User, ou=NewHires, o=JNDITutorial" ? MG>what is value of zookeeper.sasl.client.username System Property ? Martin ________________________________ From: Sivaprakash <sivaprakashshanmu...@gmail.com> Sent: Thursday, February 15, 2018 11:24 AM To: users@kafka.apache.org Subject: Re: Static IP Configuration Any general best practice which can be followed in Kafka on this? On Thu, Feb 15, 2018 at 9:39 PM, Jakub Scholz <ja...@scholz.cz> wrote: > I'm afraid Kafka will not offer any help with this - at least not as far as > I know. You have to implement it on your own. > > Jakub > > On Thu, Feb 15, 2018 at 3:58 PM, Sivaprakash <sivaprakashshanmugam@gmail. > com > > wrote: > > > In this case how authentication keys can be maintained? If I want to > change > > key/password for my cluster how can I change it in my clients (producers) > > because they might be sitting in my remote place (sensors/mobile apps)? > > > > On Thu, Feb 15, 2018 at 7:30 PM, Jakub Scholz <ja...@scholz.cz> wrote: > > > > > Yes, the clients do not connect to Zookeeper anymore. You can create a > > > loadbalancer which will point to all your Kafka brokers and use the > > address > > > of such loadbalancer as the "bootstrap server" in your clients. The > > clients > > > will use the loadbalancer and connect to one of the Kafka brokers and > get > > > metadata from this broker. And with these metadata they will connect to > > the > > > different leaders as needed. > > > > > > Jakub > > > > > > On Thu, Feb 15, 2018 at 12:50 PM, Sivaprakash < > > > sivaprakashshanmu...@gmail.com> wrote: > > > > > > > Hi, > > > > > > > > Just trying to understand how Zookeeper works with Kafka in recent > > > > versions. Document says Zookeeper need not be connected by Producer > and > > > > Subscriber. > > > > > > > > How to assign a static IP to the whole cluster (anything like load > > > > balancer) ? I want my producers to use only one IP or domain to > publish > > > > data irrespective of Kafka Broker Leader. > > > > > > > > > > > > > > > -- > > - Prakash. > > > -- - Prakash.
