Hi,
I am using Kafka 0.10.1.0 and a Kerberized cluster.

Kafka_jaas.conf file:

Client {
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/etc/security/keytabs/kafka.service.keytab"
   storeKey=true
   useTicketCache=false
   serviceName="zookeeper"
   principal="kafka/h...@example.com";
};

If I change the keytab to a user keytab (e.g. kafkatest), the topic will be
created (creating the topic using the Kafka console command). It does not
have any metadata information or a leader assigned to it
(as the kafka service user does not have access, because when I check
under the ZooKeeper nodes it has the below permissions for the topic
node).

getAcl /brokers/topics/user-topic-test1
'world,'anyone
: r
'sasl,'kafkatest
: cdrwa


So, if I do setAcl /brokers/topics/user-topic-test1
world:anyone:r,sasl:kafkatest:cdrwa,sasl:kafka:cdrwa and then restart
Kafka, the topic has a leader assigned to it.

So, is it mandatory for the Client section to use the kafka service keytab, or
to add the keytab specified in keyTab as a super user to make it work?


Could anyone please provide information on this?


Thanks
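
The ACL listing in the message above, checked programmatically (an added example, not part of the original post and not Kafka or ZooKeeper code): it parses zkCli getAcl output, reports which permissions a SASL id lacks on the znode, and builds the matching setAcl line. The function names, the constructed sample text, and the assumptions that the broker needs all of cdrwa and appears to ZooKeeper as the short id "kafka" (as in the post's setAcl) belong to this example.

```python
# Added example. SAMPLE_GETACL is constructed from the listing in the post.
ALL_PERMS = "cdrwa"  # create, delete, read, write, admin (zkCli order)

SAMPLE_GETACL = """\
'world,'anyone
: r
'sasl,'kafkatest
: cdrwa
"""

def parse_getacl(text):
    """Parse zkCli getAcl output into {(scheme, id): set_of_perm_letters}."""
    acl, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("'"):            # e.g. 'sasl,'kafkatest
            scheme, _, ident = line.partition(",")
            key = (scheme.strip("'"), ident.strip("'"))
        elif line.startswith(":") and key:  # e.g. ": cdrwa"
            acl[key] = set(line[1:].strip())
            key = None
    return acl

def missing_perms(acl, sasl_id, required=ALL_PERMS):
    """Permissions in `required` that sasl_id gets neither directly nor via world:anyone."""
    granted = set()
    for (scheme, ident), perms in acl.items():
        if (scheme, ident) in (("world", "anyone"), ("sasl", sasl_id)):
            granted |= perms
    return set(required) - granted

def setacl_command(path, acl, sasl_id, perms=ALL_PERMS):
    """Build a zkCli setAcl line that keeps existing entries and grants sasl_id `perms`."""
    merged = dict(acl)                      # setAcl replaces the whole list, so keep the rest
    merged[("sasl", sasl_id)] = set(perms)
    entries = [
        f"{s}:{i}:{''.join(c for c in ALL_PERMS if c in p)}"
        for (s, i), p in merged.items()
    ]
    return f"setAcl {path} " + ",".join(entries)

if __name__ == "__main__":
    acl = parse_getacl(SAMPLE_GETACL)
    path = "/brokers/topics/user-topic-test1"
    lacking = missing_perms(acl, "kafka")
    print("kafka lacks:", "".join(sorted(lacking)) or "nothing")
    if lacking:
        print(setacl_command(path, acl, "kafka"))
```
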
