Tzu-Li (Gordon) Tai created FLINK-6713:
------------------------------------------
Summary: Document how to allow multiple Kafka consumers /
producers to authenticate using different credentials
Key: FLINK-6713
URL: https://issues.apache.org/jira/browse/FLINK-6713
Project: Flink
Issue Type: Improvement
Components: Documentation, Kafka Connector
Reporter: Tzu-Li (Gordon) Tai
Assignee: Tzu-Li (Gordon) Tai
The doc improvements should include:
1. Clearly state that the built-in JAAS security module in Flink is a JVM
process-wide static JAAS file installation (all static JAAS files are, not
Flink specific), and therefore only allows all Kafka consumers and producers in
a single JVM (and therefore the whole job, since we do not allow assigning
operators to specific slots) to authenticate as one single user.
2. If Kerberos authentication is used, 2 approaches: 1) with Flink's built-in
Kerberos support, multiple user principals need to be merged as a single
keytab, or 2) self-ship multiple keytab files, and use Kafka's dynamic JAAS
configuration through client properties to point to separate keytabs for each
consumer / producer. Note that ticket cache would never work for multiple
authentications.
3. If plain simple login is used: Kafka's dynamic JAAS configuration should be
used (and is the only way to do so).
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
