My clients (producers) are combination of devices, sensors, application hence volume of producers would be high. All I want to ensure Broker receives data from trusted (my own) devices.
On Fri, Feb 16, 2018 at 9:33 AM, Martin Gainty <mgai...@hotmail.com> wrote: > majority of commercial entities (banks/financial-houses) pass this to a CA > (certifying authority) who will be responsible for > generating X509 certificates > generating private key > generating public key > generating username (aka alias) > generating password > > this depends on what type of PKI your client wants to setup at the very > least you need to identify target env: > which browser? > which mobile device? > > also you will need to be aware of > selected provider capabilities > algorithms supported within provider > > also are you using Zookeeper? > in which case will you be implementing either > Kerberos5 > OR > MD5 > > implementing DIGEST-MD5 in ZK you will need to properly configure > java.security as follows: > > MG>$JRE_HOME/lib/security/java.security entries verification : > > MG>can you verify > > Context.SECURITY_AUTHENTICATION="DIGEST-MD5" > ? > > MG>can you verify authentication Principal is set to EITHER u as in > > Context.SECURITY_PRINCIPAL="u: cuser" > > MG>OR authentication Principal is set to DistinguishedName > > Context.SECURITY_PRINCIPAL="dn: cn=C. User, ou=NewHires, o=JNDITutorial" > > ? > > MG>what is value of zookeeper.sasl.client.username System Property ? > > Martin > ________________________________ > From: Sivaprakash <sivaprakashshanmu...@gmail.com> > Sent: Thursday, February 15, 2018 11:24 AM > To: users@kafka.apache.org > Subject: Re: Static IP Configuration > > Any general best practice which can be followed in Kafka on this? > > On Thu, Feb 15, 2018 at 9:39 PM, Jakub Scholz <ja...@scholz.cz> wrote: > > > I'm afraid Kafka will not offer any help with this - at least not as far > as > > I know. You have to implement it on your own. > > > > Jakub > > > > On Thu, Feb 15, 2018 at 3:58 PM, Sivaprakash <sivaprakashshanmugam@gmail. > > com > > > wrote: > > > > > In this case how authentication keys can be maintained? If I want to > > change > > > key/password for my cluster how can I change it in my clients > (producers) > > > because they might be sitting in my remote place (sensors/mobile apps)? > > > > > > On Thu, Feb 15, 2018 at 7:30 PM, Jakub Scholz <ja...@scholz.cz> wrote: > > > > > > > Yes, the clients do not connect to Zookeeper anymore. You can create > a > > > > loadbalancer which will point to all your Kafka brokers and use the > > > address > > > > of such loadbalancer as the "bootstrap server" in your clients. The > > > clients > > > > will use the loadbalancer and connect to one of the Kafka brokers and > > get > > > > metadata from this broker. And with these metadata they will connect > to > > > the > > > > different leaders as needed. > > > > > > > > Jakub > > > > > > > > On Thu, Feb 15, 2018 at 12:50 PM, Sivaprakash < > > > > sivaprakashshanmu...@gmail.com> wrote: > > > > > > > > > Hi, > > > > > > > > > > Just trying to understand how Zookeeper works with Kafka in recent > > > > > versions. Document says Zookeeper need not be connected by Producer > > and > > > > > Subscriber. > > > > > > > > > > How to assign a static IP to the whole cluster (anything like load > > > > > balancer) ? I want my producers to use only one IP or domain to > > publish > > > > > data irrespective of Kafka Broker Leader. > > > > > > > > > > > > > > > > > > > > > -- > > > - Prakash. > > > > > > > > > -- > - Prakash. > -- - Prakash.
