Re: Making a Window services for kafka having sasl and ssl configuration

2018-04-03 Thread Martin Gainty 





From: ashish chauhan 
Sent: Tuesday, April 3, 2018 4:16 AM
To: users@kafka.apache.org
Subject: Making a Window services for kafka having sasl and ssl configuration

I am trying to make Window services for kafka having sasl and ssl
configuration to keep it always running when my machine starts. I am not
sure how to set the following at run time for ssl authentication
,configuring and setting the jvm parameter before making the window
services.

set 
KAFKA_OPTS=-Djava.security.auth.login.config=C:\kafka_2.11-0.10.0.1\kafka_2.11-0.10.0.1\config\kafka_server_jaas.conf

kafka-configs.bat --zookeeper localhost:2181 --alter --add-config
"SCRAM-SHA-256=[iterations=8192,password=alice-secret],SCRAM-SHA-512=[password=alice-secret]"
--entity-type users --entity-name alice

kafka-configs.bat --zookeeper localhost:2181 --alter --add-config
"SCRAM-SHA-256=[iterations=8192,password=admin-secret],SCRAM-SHA-512=[password=admin-secret]"
--entity-type users --entity-name admin

MG>so what you want is not -add-config but -addauth but read this first

MG>https://cwiki.apache.org/confluence/display/ZOOKEEPER/Client-Server+mutual+authentication
Client-Server mutual authentication - Apache ZooKeeper 
...
cwiki.apache.org
This guide describes how to enable secure communication between client and 
server using SASL mechanism. ZooKeeper supports Kerberos or DIGEST-MD5 as your 
authentication scheme.

addauth

The SASL authentication scheme differs from certain other schemes in that the 
"addauth  " command has no effect if scheme is "sasl".
This is because authentication is performed using SASL-enabled token exchange 
IMMEDIATELY after connection, rather than occuring any time after connection, 
as addauth is.

MG>since you already have an established connection then -addauth fails
MG>does that conform to your findings?

Need some guidance in making such window service.

Thanks and Regards
Ashish

Making a Window services for kafka having sasl and ssl configuration

2018-04-03 Thread ashish chauhan 
I am trying to make Window services for kafka having sasl and ssl
configuration to keep it always running when my machine starts. I am not
sure how to set the following at run time for ssl authentication
,configuring and setting the jvm parameter before making the window
services.

set 
KAFKA_OPTS=-Djava.security.auth.login.config=C:\kafka_2.11-0.10.0.1\kafka_2.11-0.10.0.1\config\kafka_server_jaas.conf

kafka-configs.bat --zookeeper localhost:2181 --alter --add-config
"SCRAM-SHA-256=[iterations=8192,password=alice-secret],SCRAM-SHA-512=[password=alice-secret]"
--entity-type users --entity-name alice

kafka-configs.bat --zookeeper localhost:2181 --alter --add-config
"SCRAM-SHA-256=[iterations=8192,password=admin-secret],SCRAM-SHA-512=[password=admin-secret]"
--entity-type users --entity-name admin

Need some guidance in making such window service.

Thanks and Regards
Ashish