具有kerberos身份验证的Kafka Console使用者 [英] Kafka Console consumer with kerberos authentication
问题描述
正在使用来自kerberos授权的kafka(版本0.10)服务器的已发布消息,用于身份验证密钥表文件.
How to consume published messages from the kafka (version 0.10) server which was kerberos authorized, for the authentication keytab file is being used.
我尝试使用以下命令,但未显示任何输出.
I tried with the below command but no outputs were shown.
bin/kafka-console-consumer.sh --bootstrap-server:9092 --topic --from-beginning
bin/kafka-console-consumer.sh --bootstrap-server :9092 --topic --from-beginning
推荐答案
启用Kerberos的群集有时会带来一些棘手的挑战.我不得不自己处理其中一些.
Kerberos-enabled clusters can pose some tricky challenges at times. I've had to deal with some of these myself.
如果Kafka群集已启用Kerberos,则需要提供 jaas.conf 文件,其中包含Kerberos详细信息.尝试执行以下步骤(它们对我有用):
If the Kafka Cluster is Kerberos-enabled then you'll need to supply a jaas.conf file with the Kerberos details. Try following these steps(they worked for me):
- 创建具有以下内容的 jaas.conf 文件:
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="<path-to-the-keytab-file>"
principal="<kafka-principal>";
};
注意:我假设已经创建了Kafka主体和相关的密钥表.如果没有,则需要首先创建它们.
Note: I've assumed that the Kafka principal and the associated keytab is already created. If not, you'll need to create these first.
- 创建具有以下内容的属性文件(例如"consumer.properties"):
security.protocol=SASL_PLAINTEXT
sasl.kerberos.service.name=kafka
- 然后在终端上运行以下命令:
$export KAFKA_OPTS="-Djava.security.auth.login.config=<path-to-jaas.conf>"
- 执行Kafka-console-consumer脚本:
$ kafka-console-consumer --topic <topic-name> --from-beginning
--bootstrap-server <anybroker>:9092 --consumer.config <consumer.properties>
我希望这会有所帮助.
这篇关于具有kerberos身份验证的Kafka Console使用者的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
