Re: Setup Kerberos for Kafka on Ubuntu Linux
Thanks Gerrit, let me try the pointers you mentioned above. Thanks a lot for your help.

On Fri, Dec 30, 2016 at 8:57 AM, Gerrit Jansen van Vuuren <gerrit...@gmail.com> wrote:

> also, before tinkering with Kerberos, I'd advise to read the first 4
> chapters of "Kerberos: The Definitive Guide"
> https://www.amazon.com/Kerberos-Definitive-Guide-Jason-Garman/dp/0596004036/ref=sr_1_1?ie=UTF8&qid=1483116842&sr=8-1&keywords=kerberos
>
> It helped me and after a week of reading I could get started working on
> using kerberos without getting senselessly frustrated all the time.
>
> On Fri, Dec 30, 2016 at 5:49 PM, Gerrit Jansen van Vuuren <gerrit...@gmail.com> wrote:
>
> > make sure kafka1 is the FQN and that the server kafka1 can resolve
> > properly from your kerberos server, EXAMPLE.COM should be a realm that
> > is configured in krb5.conf and kdc.conf, with the adequate domain mappings
> > for kafka1 to this realm.
> >
> > Kerberos is a pain and there are tons of stuff that can go wrong :)
> >
> > As part of adding kerberos to the kafka-clj connector I've set up a Vagrant
> > build that creates kerberos and kafka kerberised instances, this may help
> > you getting started if all you're looking for is testing kafka with
> > kerberos.
> >
> > https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/doc/vagrant.md
> >
> > https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/Vagrantfile
> > See https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/vagrant/scripts/kerberos.sh
> > (installs kerberos and adds principals)
> >
> > note: still under development :)
> >
> > On Fri, Dec 30, 2016 at 5:19 PM, Raghav wrote:
> >
> >> Hi
> >>
> >> I have never dabbled Kafka with security settings. I was trying to follow
> >> this blog to get it working:
> >> http://kafka.apache.org/documentation.html#security_sasl
> >>
> >> But I can't seem to add principals for Kafka in Kerberos server, and I am
> >> getting the following error:
> >>
> >> dp@kdc:~$ sudo /usr/sbin/kadmin.local -q 'addprinc -randkey kafka/kaf...@example.com'
> >> [sudo] password for dp:
> >> Authenticating as principal root/ad...@example.com with password.
> >> WARNING: no policy specified for kafka/kaf...@example.com; defaulting to no policy
> >> add_principal: No such entry in the database while creating "kafka/kaf...@example.com".
> >> dp@kdc:~$ ^C
> >>
> >> Can anyone share more insight into how they got a simple Kerberos server to
> >> work with Kafka, and able to send one message end to end. I greatly
> >> appreciate your help.
> >>
> >> Many thanks.
> >>
> >> --
> >> Raghav

--
Raghav
Re: Setup Kerberos for Kafka on Ubuntu Linux
also, before tinkering with Kerberos, I'd advise to read the first 4 chapters of "Kerberos: The Definitive Guide"
https://www.amazon.com/Kerberos-Definitive-Guide-Jason-Garman/dp/0596004036/ref=sr_1_1?ie=UTF8&qid=1483116842&sr=8-1&keywords=kerberos

It helped me and after a week of reading I could get started working on using kerberos without getting senselessly frustrated all the time.

On Fri, Dec 30, 2016 at 5:49 PM, Gerrit Jansen van Vuuren <gerrit...@gmail.com> wrote:

> make sure kafka1 is the FQN and that the server kafka1 can resolve
> properly from your kerberos server, EXAMPLE.COM should be a realm that
> is configured in krb5.conf and kdc.conf, with the adequate domain mappings
> for kafka1 to this realm.
>
> Kerberos is a pain and there are tons of stuff that can go wrong :)
>
> As part of adding kerberos to the kafka-clj connector I've set up a Vagrant
> build that creates kerberos and kafka kerberised instances, this may help
> you getting started if all you're looking for is testing kafka with
> kerberos.
>
> https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/doc/vagrant.md
>
> https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/Vagrantfile
> See https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/vagrant/scripts/kerberos.sh
> (installs kerberos and adds principals)
>
> note: still under development :)
>
> On Fri, Dec 30, 2016 at 5:19 PM, Raghav wrote:
>
>> Hi
>>
>> I have never dabbled Kafka with security settings. I was trying to follow
>> this blog to get it working:
>> http://kafka.apache.org/documentation.html#security_sasl
>>
>> But I can't seem to add principals for Kafka in Kerberos server, and I am
>> getting the following error:
>>
>> dp@kdc:~$ sudo /usr/sbin/kadmin.local -q 'addprinc -randkey kafka/kaf...@example.com'
>> [sudo] password for dp:
>> Authenticating as principal root/ad...@example.com with password.
>> WARNING: no policy specified for kafka/kaf...@example.com; defaulting to no policy
>> add_principal: No such entry in the database while creating "kafka/kaf...@example.com".
>> dp@kdc:~$ ^C
>>
>> Can anyone share more insight into how they got a simple Kerberos server to
>> work with Kafka, and able to send one message end to end. I greatly
>> appreciate your help.
>>
>> Many thanks.
>>
>> --
>> Raghav
Re: Setup Kerberos for Kafka on Ubuntu Linux
make sure kafka1 is the FQN and that the server kafka1 can resolve properly from your kerberos server, EXAMPLE.COM should be a realm that is configured in krb5.conf and kdc.conf, with the adequate domain mappings for kafka1 to this realm.

Kerberos is a pain and there are tons of stuff that can go wrong :)

As part of adding kerberos to the kafka-clj connector I've set up a Vagrant build that creates kerberos and kafka kerberised instances, this may help you getting started if all you're looking for is testing kafka with kerberos.

https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/doc/vagrant.md

https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/Vagrantfile
See https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/vagrant/scripts/kerberos.sh (installs kerberos and adds principals)

note: still under development :)

On Fri, Dec 30, 2016 at 5:19 PM, Raghav wrote:

> Hi
>
> I have never dabbled Kafka with security settings. I was trying to follow
> this blog to get it working:
> http://kafka.apache.org/documentation.html#security_sasl
>
> But I can't seem to add principals for Kafka in Kerberos server, and I am
> getting the following error:
>
> dp@kdc:~$ sudo /usr/sbin/kadmin.local -q 'addprinc -randkey kafka/kaf...@example.com'
> [sudo] password for dp:
> Authenticating as principal root/ad...@example.com with password.
> WARNING: no policy specified for kafka/kaf...@example.com; defaulting to no policy
> add_principal: No such entry in the database while creating "kafka/kaf...@example.com".
> dp@kdc:~$ ^C
>
> Can anyone share more insight into how they got a simple Kerberos server to
> work with Kafka, and able to send one message end to end. I greatly
> appreciate your help.
>
> Many thanks.
>
> --
> Raghav
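
Added example, not part of the thread and not taken from the Vagrant scripts linked above: a small checker for the three things the reply asks for, namely a fully qualified broker host, a realm defined in krb5.conf, and a `[domain_realm]` mapping from the host to that realm. The krb5.conf text, the host `kafka1.example.com` and the function names are constructed for illustration, and the suffix lookup is a simplified model of how the mapping section is matched.

```python
# Constructed sample krb5.conf; host and realm names are placeholders.
SAMPLE_KRB5_CONF = """
[realms]
  EXAMPLE.COM = {
    kdc = kdc.example.com
  }
[domain_realm]
  .example.com = EXAMPLE.COM
"""

def parse_krb5_conf(text):
    """Return (realms defined in [realms], {host or domain: realm})."""
    section, depth, realms, domains = None, 0, set(), {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and depth == 0:
            section = line.strip("[] ")
        elif line == "}":
            depth -= 1
        else:
            key, _, value = (p.strip() for p in line.partition("="))
            if value.endswith("{"):
                if section == "realms" and depth == 0:
                    realms.add(key)
                depth += 1
            elif section == "domain_realm":
                domains[key.lower()] = value
    return realms, domains

def realm_for_host(host, domains):
    # Exact host entry first, then each parent domain (".suffix", then bare suffix).
    labels = host.lower().rstrip(".").split(".")
    names = [".".join(labels)]
    for i in range(1, len(labels)):
        names += ["." + ".".join(labels[i:]), ".".join(labels[i:])]
    return next((domains[n] for n in names if n in domains), None)

def check_principal(principal, conf_text):
    """List what is missing for a service principal like service/host@REALM."""
    realms, domains = parse_krb5_conf(conf_text)
    name, _, realm = principal.partition("@")
    host = name.partition("/")[2]
    checks = [
        ("." in host, "host is not fully qualified"),
        (realm in realms, "realm is not defined in [realms]"),
        (realm_for_host(host, domains) == realm, "no [domain_realm] mapping to realm"),
    ]
    return [msg for ok, msg in checks if not ok]
```

An empty list means the principal name is consistent with the configuration; it does not replace checking that the host name actually resolves from the KDC.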