I've been struggling to get NiFi working with Kerberos authenticated
Kafka. According to the docs, the "Kerberos Service Name" property
specifies:

"The Kerberos principal name that Kafka runs as. This can be defined
either in Kafka's JAAS config or in Kafka's config. Corresponds to
Kafka's 'security.protocol' property. It is ignored unless one of the
SASL options of the <Security Protocol> are selected."

First off, it doesn't correspond to Kafka's security.protocol property
- it corresponds to the JAAS serviceName property. Second, I'm not
sure it is a Kerberos principal name - in my (HDP) install, it is set
to "kafka", and using the full Kerberos principal name
("[email protected]") doesn't work. I would submit a PR, but I'm
not 100% sure about the second bit.

Long story short, for my install setting this to "kafka" worked, plus
setting "Kerberos Principal" and "Kerberos Keytab" to suitable things,
and "Security Protocol" to "SASL_PLAINTEXT". In our environment, we
enforce explicit topic creation so having done that and granted
producer and consumer access to the correct users, everything works
nicely.

James
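
An added example, not part of the original message or of NiFi's code: a small check that derives the short service name from a Kafka broker's Kerberos principal (form `primary[/instance][@REALM]`) and compares it with the NiFi properties named above. The function names, the broker principal and the property values are constructed for illustration, and the parser assumes principals without backslash-escaped separators.

```python
SASL_PROTOCOLS = {"SASL_PLAINTEXT", "SASL_SSL"}

def service_name_from_principal(principal):
    """Return the primary (first) component of primary[/instance][@REALM]."""
    name = principal.rsplit("@", 1)[0]      # drop the realm, if any
    primary = name.split("/", 1)[0]         # drop the instance (host), if any
    if not primary:
        raise ValueError(f"no primary component in {principal!r}")
    return primary

def check_kafka_kerberos_props(props, broker_principal):
    """Return a list of findings for a NiFi Kafka processor's Kerberos properties."""
    if props.get("Security Protocol") not in SASL_PROTOCOLS:
        return ["Kerberos Service Name is ignored: Security Protocol is not a SASL option"]
    findings = []
    expected = service_name_from_principal(broker_principal)
    service = props.get("Kerberos Service Name", "")
    if "/" in service or "@" in service:
        findings.append(f"Kerberos Service Name {service!r} is a full principal; "
                        f"use the short name {expected!r}")
    elif service != expected:
        findings.append(f"Kerberos Service Name {service!r} does not match "
                        f"broker primary {expected!r}")
    for key in ("Kerberos Principal", "Kerberos Keytab"):
        if not props.get(key):
            findings.append(f"{key} is not set")
    return findings

# Constructed sample values (not taken from the original message).
BROKER_PRINCIPAL = "kafka/broker1.example.com@EXAMPLE.COM"
WORKING = {
    "Security Protocol": "SASL_PLAINTEXT",
    "Kerberos Service Name": "kafka",
    "Kerberos Principal": "nifi@EXAMPLE.COM",
    "Kerberos Keytab": "/etc/security/keytabs/nifi.keytab",
}
FULL_PRINCIPAL = dict(WORKING, **{"Kerberos Service Name": BROKER_PRINCIPAL})

if __name__ == "__main__":
    for label, props in (("working", WORKING), ("full principal", FULL_PRINCIPAL)):
        print(label, check_kafka_kerberos_props(props, BROKER_PRINCIPAL) or "OK")
```

The Kafka client builds the broker's service principal from this short name plus the broker host, which is why the short name is what it expects. SASL_PLAINTEXT authenticates with Kerberos but does not encrypt traffic; SASL_SSL takes the same Kerberos properties over TLS.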
