参考:https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/authentication-with-kerberos/content/kerberos_kafka_consuming_events_or_messages_from_kafka_on_a_secured_cluster.html
创建jass.conf,集群使用ambari,默认位置/usr/hdp/current/kafka-broker/config目录中。
注意:创建主题需要使用原有配置文件,即/usr/hdp/current/kafka-broker/config/kafka_client_jass.conf
或者需要另起一个客户端,进行创建主题。
文件内容为:
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
keyTab="/etc/security/keytabs/liph.keytab"
useKeyTab=true
storeKey=true
principal="liph@BIGDATA.COM"
useTicketCache=false
renewTicket=true
serviceName="kafka"; # 名字来源于cat /usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf
};
创建客户端配置文件,client.properties
security.protocol=SASL_PLAINTEXT 协议类型,kafka有三个协议,SSL,PLAINTEXT,SASL_PLAINTEXT./kafka-console-producer.sh --broker-list broker1:6667,broker2:6667 --topic test --producer.config /path/client.properties
消费者./kafka-console-consumer.sh --bootstrap-server broker1:6667,broker2:6667 --topic test --from-beginning --consumer.config /path/client.properties