Closed noslowerdna closed 7 years ago
This would also need to extend to the offset monitor as it can pull data out of kafka to read kafka stored offsets
This would also need to extend to the offset monitor as it can pull data out of kafka to read kafka stored offsets
As the offset monitor is still using the old Kafka 0.8 consumer that does not support Kerberos SASL, until https://github.com/quantifind/KafkaOffsetMonitor/issues/79 is addressed a plaintext listener port would still need to be opened if using the offset monitor service along with this feature, similar to the approach for schema registry and REST proxy services that is documented at http://docs.confluent.io/3.0.1/kafka/platform-security.html
Done in #57
As described at http://docs.confluent.io/3.0.0/kafka/sasl.html#sasl-configuration-for-kafka-brokers GSSAPI (Kerberos) authentication is supported as of Kafka 0.9. In addition to a variety of configuration properties that must be set to enable this, a special JAAS configuration file must be created and provided with the
-Djava.security.auth.login.config
JVM parameter. The cookbook can manage the creation of the configuration file and setting this parameter.Broker configuration is considered out of scope for this feature and should be set separately. Relevant properties could include: