Posted to dev@kafka.apache.org by "Grzegorz Kokosinski (Jira)" <ji...@apache.org> on 2019/12/26 21:49:00 UTC

[jira] [Created] (KAFKA-9336) Connecting to Kafka using forwarded Kerberos credentials

Grzegorz Kokosinski created KAFKA-9336:
------------------------------------------

             Summary: Connecting to Kafka using forwarded Kerberos credentials
                 Key: KAFKA-9336
                 URL: https://issues.apache.org/jira/browse/KAFKA-9336
             Project: Kafka
          Issue Type: Improvement
          Components: clients
            Reporter: Grzegorz Kokosinski


My application is using forwarded Kerberos tickets, see: [https://web.mit.edu/kerberos/krb5-latest/doc/user/tkt_mgmt.html].

Users authenticate in my JVM-based remote service using KRB, then in my service I would like to connect to Kafka (via KafkaProducer or KafkaConsumer) using the user's KRB credentials. It looks like this scenario is currently impossible to implement, because the only option to authenticate to Kafka with KRB is via a JVM system property: -Djava.security.auth.login.config=/etc/kafka/kafka_client_jaas.conf.

Notice that I don't have a keytab file but only: [https://docs.oracle.com/javase/7/docs/api/org/ietf/jgss/GSSCredential.html]. GSSCredential allows me to use [https://docs.oracle.com/javase/7/docs/api/javax/security/auth/Subject.html#doAs(javax.security.auth.Subject,%20java.security.PrivilegedAction)], which typically works in other systems like Postgres to authenticate the user with KRB using a forwarded ticket.

 

 

Kafka requires to use



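The GSSCredential plus Subject.doAs pattern the report refers to, as an added example that is not part of the original message and is not Kafka code: it uses only the standard JGSS API to take a forwarded credential from an accepted context and authenticate to a downstream GSS-API service as that user. The class name, the `hostBasedService` value and the `transport` callback (sends a token to the peer and returns its reply) are hypothetical.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.function.UnaryOperator;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.ietf.jgss.*;

// Added illustration; names below are assumptions, not from the issue.
public final class ForwardedCredentialExample {
    private static final String KRB5_MECH = "1.2.840.113554.1.2.2"; // Kerberos V5 OID

    // Service side: the credential the user forwarded on the inbound GSS context.
    static GSSCredential delegatedCredential(GSSContext accepted) throws GSSException {
        if (!accepted.isEstablished() || !accepted.getCredDelegState()) {
            throw new IllegalStateException("no forwarded credential on this context");
        }
        return accepted.getDelegCred();
    }

    // Wrap the credential in a Subject and run the GSS handshake with the
    // downstream service (e.g. "postgres@db.example.com") as that user.
    static GSSContext connectAsUser(GSSCredential userCred, String hostBasedService,
                                    UnaryOperator<byte[]> transport) throws Exception {
        if (userCred.getRemainingLifetime() <= 0) {
            throw new IllegalStateException("forwarded credential has expired");
        }
        KerberosPrincipal user = new KerberosPrincipal(userCred.getName().toString());
        Subject subject = new Subject(false, Collections.singleton(user),
                Collections.emptySet(), Collections.singleton(userCred));
        return Subject.doAs(subject, (PrivilegedExceptionAction<GSSContext>) () -> {
            GSSManager manager = GSSManager.getInstance();
            GSSName target = manager.createName(hostBasedService, GSSName.NT_HOSTBASED_SERVICE);
            GSSContext ctx = manager.createContext(target, new Oid(KRB5_MECH),
                    userCred, GSSContext.DEFAULT_LIFETIME);
            ctx.requestMutualAuth(true);  // also authenticate the downstream service
            ctx.requestCredDeleg(false);  // do not forward the user's ticket any further
            byte[] in = new byte[0];
            while (!ctx.isEstablished()) {
                byte[] out = ctx.initSecContext(in, 0, in.length);
                if (out != null) {
                    in = transport.apply(out); // send our token, read the peer's reply
                }
            }
            return ctx;
        });
    }
}
```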