Re: PublishKafka_1_0 Kerberos

[Jeremy Dyer <jd...@gmail.com>]

A JAAS file is not required. Can you point me to the documentation that is
confusing so I can change that as well

On Tue, Feb 26, 2019 at 7:57 AM Dan Caulfield <da...@gm.com> wrote:

> Is a JAAS file still required when using SASL_PLAINTEXT or SASL_SSL?
> Since the Kerberos Credential Service and the Processor itself has all of
> the information that the JAAS file would contain it seems to contradict the
> documentation.
>
>
>
>
>
> *Dan Caulfield *Hyper Scale Engineer
>
> GM – NA Information Technology – Hyper Scale Data Solutions
>
> dan.caulfield@gm.com
> T +1 5128403497
>
> [image: cid:image002.png@01D30624.FDB82750]
>
>
>
>
> Nothing in this message is intended to constitute an electronic signature
> unless a specific statement to the contrary is included in this message.
>
> Confidentiality Note: This message is intended only for the person or
> entity to which it is addressed. It may contain confidential and/or
> privileged material. Any review, transmission, dissemination or other use,
> or taking of any action in reliance upon this message by persons or
> entities other than the intended recipient is prohibited and may be
> unlawful. If you received this message in error, please contact the sender
> and delete it from your computer.
>

Re: [EXTERNAL] Re: PublishKafka_1_0 Kerberos

[Bryan Bende <bb...@gmail.com>]

If you want to submit a PR, you would need to update the property
descriptor in 0.9, 0.10, 0.11, 1.0, and 2.0:

https://github.com/apache/nifi/search?q=The+Kerberos+principal+name+that+Kafka+runs+as.&unscoped_q=The+Kerberos+principal+name+that+Kafka+runs+as.

Thanks.

On Tue, Feb 26, 2019 at 3:33 PM James Srinivasan
<ja...@gmail.com> wrote:
>
> If someone is updating the Kafka docs, it would be great to get this corrected:
>
> http://apache-nifi-users-list.2361937.n4.nabble.com/Incorrect-PublishKafka-0-10-documentation-td3406.html
>
> (Been on my to-do list for ages)
>
> On Tue, 26 Feb 2019, 16:16 Bryan Bende, <bb...@gmail.com> wrote:
>>
>> Hi Dan,
>>
>> There is a note in there somewhere that says it doesn't have to be
>> specified in the JAAS file...
>>
>> "Alternatively, the JAAS configuration when using GSSAPI can be
>> provided by specifying the Kerberos Principal and Kerberos Keytab
>> directly in the processor properties. This will dynamically create a
>> JAAS configuration like above, and will take precedence over the
>> java.security.auth.login.config system property. "
>>
>> We could also update that to mention that the Keytab Credential
>> Service can take precedence over the principal and keytab directly in
>> the processor.
>>
>> Thanks,
>>
>> Bryan
>>
>> On Tue, Feb 26, 2019 at 11:13 AM Dan Caulfield <da...@gm.com> wrote:
>> >
>> > The additional details link within the processor usage docs still references using the JAAS file.
>> >
>> >
>> >
>> > From: Jeremy Dyer [mailto:jdye64@gmail.com]
>> > Sent: Tuesday, February 26, 2019 10:00 AM
>> > To: users@nifi.apache.org
>> > Subject: [EXTERNAL] Re: PublishKafka_1_0 Kerberos
>> >
>> >
>> >
>> > A JAAS file is not required. Can you point me to the documentation that is confusing so I can change that as well
>> >
>> >
>> >
>> > On Tue, Feb 26, 2019 at 7:57 AM Dan Caulfield <da...@gm.com> wrote:
>> >
>> > Is a JAAS file still required when using SASL_PLAINTEXT or SASL_SSL?  Since the Kerberos Credential Service and the Processor itself has all of the information that the JAAS file would contain it seems to contradict the documentation.
>> >
>> >
>> >
>> >
>> > Dan Caulfield
>> > Hyper Scale Engineer
>> >
>> > GM – NA Information Technology – Hyper Scale Data Solutions
>> >
>> > dan.caulfield@gm.com
>> > T +1 5128403497
>> >
>> >
>> >
>> >
>> >
>> > Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.
>> >
>> > Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer.
>> >
>> >
>> >
>> > Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.
>> >
>> > Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer.

Re: [EXTERNAL] Re: PublishKafka_1_0 Kerberos

[James Srinivasan <ja...@gmail.com>]

If someone is updating the Kafka docs, it would be great to get this
corrected:

http://apache-nifi-users-list.2361937.n4.nabble.com/Incorrect-PublishKafka-0-10-documentation-td3406.html

(Been on my to-do list for ages)

On Tue, 26 Feb 2019, 16:16 Bryan Bende, <bb...@gmail.com> wrote:

> Hi Dan,
>
> There is a note in there somewhere that says it doesn't have to be
> specified in the JAAS file...
>
> "Alternatively, the JAAS configuration when using GSSAPI can be
> provided by specifying the Kerberos Principal and Kerberos Keytab
> directly in the processor properties. This will dynamically create a
> JAAS configuration like above, and will take precedence over the
> java.security.auth.login.config system property. "
>
> We could also update that to mention that the Keytab Credential
> Service can take precedence over the principal and keytab directly in
> the processor.
>
> Thanks,
>
> Bryan
>
> On Tue, Feb 26, 2019 at 11:13 AM Dan Caulfield <da...@gm.com>
> wrote:
> >
> > The additional details link within the processor usage docs still
> references using the JAAS file.
> >
> >
> >
> > From: Jeremy Dyer [mailto:jdye64@gmail.com]
> > Sent: Tuesday, February 26, 2019 10:00 AM
> > To: users@nifi.apache.org
> > Subject: [EXTERNAL] Re: PublishKafka_1_0 Kerberos
> >
> >
> >
> > A JAAS file is not required. Can you point me to the documentation that
> is confusing so I can change that as well
> >
> >
> >
> > On Tue, Feb 26, 2019 at 7:57 AM Dan Caulfield <da...@gm.com>
> wrote:
> >
> > Is a JAAS file still required when using SASL_PLAINTEXT or SASL_SSL?
> Since the Kerberos Credential Service and the Processor itself has all of
> the information that the JAAS file would contain it seems to contradict the
> documentation.
> >
> >
> >
> >
> > Dan Caulfield
> > Hyper Scale Engineer
> >
> > GM – NA Information Technology – Hyper Scale Data Solutions
> >
> > dan.caulfield@gm.com
> > T +1 5128403497
> >
> >
> >
> >
> >
> > Nothing in this message is intended to constitute an electronic
> signature unless a specific statement to the contrary is included in this
> message.
> >
> > Confidentiality Note: This message is intended only for the person or
> entity to which it is addressed. It may contain confidential and/or
> privileged material. Any review, transmission, dissemination or other use,
> or taking of any action in reliance upon this message by persons or
> entities other than the intended recipient is prohibited and may be
> unlawful. If you received this message in error, please contact the sender
> and delete it from your computer.
> >
> >
> >
> > Nothing in this message is intended to constitute an electronic
> signature unless a specific statement to the contrary is included in this
> message.
> >
> > Confidentiality Note: This message is intended only for the person or
> entity to which it is addressed. It may contain confidential and/or
> privileged material. Any review, transmission, dissemination or other use,
> or taking of any action in reliance upon this message by persons or
> entities other than the intended recipient is prohibited and may be
> unlawful. If you received this message in error, please contact the sender
> and delete it from your computer.
>

Re: [EXTERNAL] Re: PublishKafka_1_0 Kerberos

[Bryan Bende <bb...@gmail.com>]

Hi Dan,

There is a note in there somewhere that says it doesn't have to be
specified in the JAAS file...

"Alternatively, the JAAS configuration when using GSSAPI can be
provided by specifying the Kerberos Principal and Kerberos Keytab
directly in the processor properties. This will dynamically create a
JAAS configuration like above, and will take precedence over the
java.security.auth.login.config system property. "

We could also update that to mention that the Keytab Credential
Service can take precedence over the principal and keytab directly in
the processor.

Thanks,

Bryan

On Tue, Feb 26, 2019 at 11:13 AM Dan Caulfield <da...@gm.com> wrote:
>
> The additional details link within the processor usage docs still references using the JAAS file.
>
>
>
> From: Jeremy Dyer [mailto:jdye64@gmail.com]
> Sent: Tuesday, February 26, 2019 10:00 AM
> To: users@nifi.apache.org
> Subject: [EXTERNAL] Re: PublishKafka_1_0 Kerberos
>
>
>
> A JAAS file is not required. Can you point me to the documentation that is confusing so I can change that as well
>
>
>
> On Tue, Feb 26, 2019 at 7:57 AM Dan Caulfield <da...@gm.com> wrote:
>
> Is a JAAS file still required when using SASL_PLAINTEXT or SASL_SSL?  Since the Kerberos Credential Service and the Processor itself has all of the information that the JAAS file would contain it seems to contradict the documentation.
>
>
>
>
> Dan Caulfield
> Hyper Scale Engineer
>
> GM – NA Information Technology – Hyper Scale Data Solutions
>
> dan.caulfield@gm.com
> T +1 5128403497
>
>
>
>
>
> Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.
>
> Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer.
>
>
>
> Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.
>
> Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer.

RE: [EXTERNAL] Re: PublishKafka_1_0 Kerberos

[Dan Caulfield <da...@gm.com>]

The additional details link within the processor usage docs still references using the JAAS file.

From: Jeremy Dyer [mailto:jdye64@gmail.com]
Sent: Tuesday, February 26, 2019 10:00 AM
To: users@nifi.apache.org
Subject: [EXTERNAL] Re: PublishKafka_1_0 Kerberos

A JAAS file is not required. Can you point me to the documentation that is confusing so I can change that as well

On Tue, Feb 26, 2019 at 7:57 AM Dan Caulfield <da...@gm.com>> wrote:
Is a JAAS file still required when using SASL_PLAINTEXT or SASL_SSL?  Since the Kerberos Credential Service and the Processor itself has all of the information that the JAAS file would contain it seems to contradict the documentation.


Dan Caulfield
Hyper Scale Engineer
GM – NA Information Technology – Hyper Scale Data Solutions
dan.caulfield@gm.com<ma...@gm.com>
T +1 5128403497
[cid:image002.png@01D30624.FDB82750]



Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.

Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer.


Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.

Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer.