具有 kerberos 身份验证的 Kafka 控制台使用者 [英] Kafka Console consumer with kerberos authentication
问题描述
如何使用来自 kafka(0.10 版)服务器的已发布消息,该服务器是 kerberos 授权的,因为正在使用身份验证密钥表文件.
我尝试了以下命令,但没有显示任何输出.
bin/kafka-console-consumer.sh --bootstrap-server :9092 --topic --from-beginning
启用 Kerberos 的集群有时会带来一些棘手的挑战.我不得不自己处理其中的一些问题.
如果 Kafka 集群启用了 Kerberos,那么您需要提供一个带有 Kerberos 详细信息的 jaas.conf 文件.尝试按照以下步骤操作(它们对我有用):
- 创建一个 jaas.conf 文件,内容如下:
<块引用>
KafkaClient {需要 com.sun.security.auth.module.Krb5LoginModule使用KeyTab = truekeyTab=""principal=<kafka-principal>";}; 注意:我假设已经创建了 Kafka 主体和关联的密钥表.如果没有,您需要先创建这些.
- 创建一个包含以下内容的属性文件(比如consumer.properties"):
<块引用>
security.protocol=SASL_PLAINTEXTsasl.kerberos.service.name=kafka- 然后在终端运行以下命令:
<块引用>
$export KAFKA_OPTS=-Djava.security.auth.login.config=" - 执行 Kafka-console-consumer 脚本:
<块引用>
$ kafka-console-consumer --topic - 从开始--bootstrap-server :9092 --consumer.config 编辑 - 步骤 3 和 4 可以合并,以防万一有偏好将它们作为一个命令保留在命令历史记录中.
我希望这会有所帮助.
How to consume published messages from the kafka (version 0.10) server which was kerberos authorized, for the authentication keytab file is being used.
I tried with the below command but no outputs were shown.
bin/kafka-console-consumer.sh --bootstrap-server :9092 --topic --from-beginning
Kerberos-enabled clusters can pose some tricky challenges at times. I've had to deal with some of these myself.
If the Kafka Cluster is Kerberos-enabled then you'll need to supply a jaas.conf file with the Kerberos details. Try following these steps(they worked for me):
- Create a jaas.conf file with the following contents:
KafkaClient { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="<path-to-the-keytab-file>" principal="<kafka-principal>"; };
Note: I've assumed that the Kafka principal and the associated keytab is already created. If not, you'll need to create these first.
- Create a properties file (say "consumer.properties") with the following contents:
security.protocol=SASL_PLAINTEXT sasl.kerberos.service.name=kafka
- Then at the terminal run the following command:
$export KAFKA_OPTS="-Djava.security.auth.login.config=<path-to-jaas.conf>"
- Execute the Kafka-console-consumer script:
$ kafka-console-consumer --topic <topic-name> --from-beginning --bootstrap-server <anybroker>:9092 --consumer.config <consumer.properties>
EDIT - Steps 3 and 4 could be combined just in case there is a preference to keep these as one command in the command history.
I hope this helps.
这篇关于具有 kerberos 身份验证的 Kafka 控制台使用者的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
