Kafka Console consumer with kerberos authenticatio

2020-06-21 00:06发布

问题:

How to consume published messages from the kafka (version 0.10) server which was kerberos authorized, for the authentication keytab file is being used.

I tried with the below command but no outputs were shown.

bin/kafka-console-consumer.sh --bootstrap-server :9092 --topic --from-beginning

回答1:

Kerberos-enabled clusters can pose some tricky challenges at times. I've had to deal with some of these myself.

If the Kafka Cluster is Kerberos-enabled then you'll need to supply a jaas.conf file with the Kerberos details. Try following these steps(they worked for me):

  1. Create a jaas.conf file with the following contents:
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="<path-to-the-keytab-file>"
principal="<kafka-principal>";
};

Note: I've assumed that the Kafka principal and the associated keytab is already created. If not, you'll need to create these first.

  1. Create a properties file (say "consumer.properties") with the following contents:
security.protocol=SASL_PLAINTEXT
sasl.kerberos.service.name=kafka
  1. Then at the terminal run the following command:
$export KAFKA_OPTS="-Djava.security.auth.login.config=<path-to-jaas.conf>"
  1. Execute the Kafka-console-consumer script:
$ kafka-console-consumer --topic <topic-name> --from-beginning 
--bootstrap-server <anybroker>:9092 --consumer.config <consumer.properties>

I hope this helps.