Also, before tinkering with Kerberos, I'd advise reading the first 4 chapters of "Kerberos: The Definitive Guide": https://www.amazon.com/Kerberos-Definitive-Guide-Jason-Garman/dp/0596004036/ref=sr_1_1?ie=UTF8&qid=1483116842&sr=8-1&keywords=kerberos

It helped me, and after a week of reading I could get started working on using Kerberos without getting senselessly frustrated all the time.

On Fri, Dec 30, 2016 at 5:49 PM, Gerrit Jansen van Vuuren <gerrit...@gmail.com> wrote:

> Make sure kafka1 is the FQN and that the server kafka1 can resolve
> properly from your Kerberos server. EXAMPLE.COM should be a realm that
> is configured in krb5.conf and kdc.conf, with the adequate domain mappings
> for kafka1 to this realm.
>
> Kerberos is a pain and there are tons of stuff that can go wrong :)
>
> As part of adding Kerberos to the kafka-clj connector I've set up a Vagrant
> build that creates Kerberos and Kafka kerberised instances. This may help
> you get started if all you're looking for is testing Kafka with
> Kerberos.
>
> https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/doc/vagrant.md
>
> https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/Vagrantfile
> See https://github.com/gerritjvv/kafka-fast/blob/kerberos/kafka-clj/vagrant/scripts/kerberos.sh
> (installs Kerberos and adds principals)
>
> Note: still under development :)
>
>
> On Fri, Dec 30, 2016 at 5:19 PM, Raghav <raghavas...@gmail.com> wrote:
>
>> Hi
>>
>> I have never dabbled in Kafka with security settings. I was trying to follow
>> this blog to get it working:
>> http://kafka.apache.org/documentation.html#security_sasl
>>
>> But I can't seem to add principals for Kafka in the Kerberos server, and I am
>> getting the following error:
>>
>> dp@kdc:~$ sudo /usr/sbin/kadmin.local -q 'addprinc -randkey kafka/kaf...@example.com'
>> [sudo] password for dp:
>> Authenticating as principal root/ad...@example.com with password.
>> WARNING: no policy specified for kafka/kaf...@example.com; defaulting to no policy
>> add_principal: No such entry in the database while creating "kafka/kaf...@example.com".
>> dp@kdc:~$ ^C
>>
>> Can anyone share more insight into how they got a simple Kerberos server to
>> work with Kafka, and were able to send one message end to end? I greatly
>> appreciate your help.
>>
>> Many thanks.
>>
>> --
>> Raghav
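
The three conditions named in the quoted reply (a fully qualified host name, the realm present in krb5.conf, and a domain mapping from the host to that realm) can be checked mechanically before creating principals. The following is an added example, not part of the original thread or of kafka-fast; the sample krb5.conf, the host name `kafka1.example.com`, and the function names are constructed for illustration, and the lookup order is an assumption modelled on MIT krb5.

```python
import re

SAMPLE_KRB5_CONF = """\
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
[domain_realm]
    .example.com = EXAMPLE.COM
"""  # constructed sample, not taken from the thread

def parse_sections(text):
    """Return {section: {key: value}} for the top-level relations in krb5.conf text."""
    sections, current, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header and depth == 0:
            current = sections.setdefault(header.group(1), {})
        elif line.startswith("}"):
            depth -= 1                      # leaving a nested { ... } block
        elif "=" in line and current is not None and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            if depth == 0:
                current[key] = value        # keep only top-level relations
            if value == "{":
                depth += 1                  # entering a nested block
    return sections

def realm_for_host(conf, host):
    """Explicit [domain_realm] lookup: the host name first, then each parent
    domain (".example.com" before "example.com"). Order assumed from MIT krb5."""
    mapping, name = conf.get("domain_realm", {}), host.lower()
    while name:
        if name in mapping:
            return mapping[name]
        if name.startswith("."):
            name = name[1:]
        else:
            name = name[name.index("."):] if "." in name else ""
    return None  # no explicit mapping; library fallbacks are not modelled here

def check_service_host(conf_text, host, realm):
    """Return the list of problems with using `host` for a service principal in `realm`."""
    conf = parse_sections(conf_text)
    checks = [
        ("." in host, f"{host} is not fully qualified"),
        (realm in conf.get("realms", {}), f"realm {realm} missing from [realms]"),
        (realm_for_host(conf, host) == realm, f"no [domain_realm] mapping from {host} to {realm}"),
    ]
    return [message for ok, message in checks if not ok]
```

An empty list from `check_service_host` means all three conditions hold for that host and realm; it does not check DNS resolution from the KDC, which still has to be verified on the server itself.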