search

hchadeisson / mstr-kafka-sink

4 stars 1 forks source link

Support for Kerberos Authentication #1

Open rja1 opened 5 years ago

rja1 commented 5 years ago

Forgive me if this is already supported and I've misconfigured something, however, the sink never calls Kerberos, when configured to do so.

See description here for secure connectors: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_gssapi.html#sasl-gssapi-connect-workers

My example sink: name=MicroStrategySinkTest connector.class=com.microstrategy.se.kafka.pushapi.MicroStrategySink tasks.max=1 topics=ms-test-topic CONFIG_LIBRARY_URL=http://blah.com:8080/MicroStrategyLibrary CONFIG_USER=username CONFIG_PASSWORD=password CONFIG_PROJECT=DEMO CONFIG_CUBE=MicroStrategy & Kafka

consumer.sasl.mechanism=GSSAPI consumer.security.protocol=SASL_PLAINTEXT consumer.sasl.kerberos.service.name=kafka consumer.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required \ com.sun.security.auth.module.Krb5LoginModule required \ useKeyTab=true \ storeKey=true \ keyTab="/opt/kafka/security/kafka-client-ku.keytab" \ principal="kafka-client@BLAH.COM";

Kafka log: [2019-07-10 16:49:54,439] INFO [SocketServer brokerId=3] Failed authentication with /10.18.27.35 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector) [2019-07-10 16:49:54,851] INFO [SocketServer brokerId=3] Failed authentication with /10.18.27.35 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector) [2019-07-10 16:49:55,255] INFO [SocketServer brokerId=3] Failed authentication with /10.18.27.35 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector) [2019-07-10 16:49:55,661] INFO [SocketServer brokerId=3] Failed authentication with /10.18.27.35 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)

Thanks

rja1 commented 5 years ago

Any word on this?

hchadeisson commented 5 years ago

Hello, I do not have bandwidth to implement this but I welcome external contributions :)

Le mar. 16 juil. 2019 à 21:16, Rob Anderson notifications@github.com a écrit :

Any word on this?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/hchadeisson/mstr-kafka-sink/issues/1?email_source=notifications&email_token=ADHM24NMW6TD24ZUTZXIXZDP7YNCJA5CNFSM4IAAQ6E2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2B3TKI#issuecomment-511949225, or mute the thread https://github.com/notifications/unsubscribe-auth/ADHM24NMKIUVYPBFJ4TXRTDP7YNCJANCNFSM4IAAQ6EQ .