Kafka Eagle
HomeGithub
  • Preface
  • 1.Introduction
    • 1.What is EFAK
    • 2.Getting Started
  • 2.Installation
    • 1.Requirements
    • 2.Install on Linux/macOS
    • 3.Install on Windows
    • 4.Configuration
    • 5.Security
  • 3.QuickStart
    • 1.Dashboard
    • 2.Topics
    • 3.Consumers
    • 4.Clusters
    • 5.Alarm
    • 6.Shell
    • 7.KSQL
    • 8.Metrics
    • 9.TV
    • 10.System
  • 4.Architecture
    • 1.Introduction
    • 2.Data Collection
    • 3.Core Modules
    • 4.Advanced
  • 5.ChangeLog
    • 1.Release Notes
    • 2.ChangeLog
  • 6.FAQ
    • 1.FAQ
Powered by GitBook
On this page
  • 2.5.1 Overview
  • 2.5.2 Kerberos
  • 2.5.3 PLAIN
  • 2.5.4 SCRAM-SHA-256
  • 2.5.5 OAUTHBEARER
  • 2.5.6 SSL
  • 2.5.7 CGroups
  1. 2.Installation

5.Security

2.5.1 Overview

If your Kafka cluster has set security authentication, you need to set the corresponding security authentication information in EFAK.

  • SASL/GSSAPI (Kerberos)

  • SASL/PLAIN

  • SASL/SCRAM-SHA-256

  • SASL/OAUTHBEARER

  • SSL

  • CGROUPS (SASL & SSL)

2.5.2 Kerberos

EFAK system-config.properties file setting:

######################################
# kafka  sasl authenticate
######################################
cluster1.efak.sasl.enable=true
cluster1.efak.sasl.protocol=SASL_PLAINTEXT
cluster1.efak.sasl.mechanism=GSSAPI
cluster1.efak.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab="/etc/security/keytabs/kafka_client.keytab" principal="kafka-eagle.org@EXAMPLE.COM";
# make sure there is a local ticket cache "klist -l" to view
# cluster1.efak.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTicket=true serviceName="kafka-eagle.org";
# if your kafka cluster doesn't require it, you don't need to set it up
# cluster1.efak.sasl.client.id=

2.5.3 PLAIN

EFAK system-config.properties file setting:

######################################
# kafka  sasl authenticate
######################################
cluster1.efak.sasl.enable=true
cluster1.efak.sasl.protocol=SASL_PLAINTEXT
cluster1.efak.sasl.mechanism=PLAIN
cluster1.efak.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="kafka-eagle";
# if your kafka cluster doesn't require it, you don't need to set it up
# cluster1.efak.sasl.client.id=

2.5.4 SCRAM-SHA-256

EFAK system-config.properties file setting:

######################################
# kafka  sasl authenticate
######################################
cluster1.efak.sasl.enable=true
cluster1.efak.sasl.protocol=SASL_PLAINTEXT
cluster1.efak.sasl.mechanism=SCRAM-SHA-256
cluster1.efak.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="kafka" password="kafka-eagle";
# if your kafka cluster doesn't require it, you don't need to set it up
# cluster1.efak.sasl.client.id=

2.5.5 OAUTHBEARER

If you use this authentication, you need to make sure that your Kafka cluster version is after 2.x, EFAK system-config.properties file setting:

######################################
# kafka  sasl authenticate
######################################
cluster1.efak.sasl.enable=true
cluster1.efak.sasl.protocol=SASL_PLAINTEXT
cluster1.efak.sasl.mechanism=OAUTHBEARER
cluster1.efak.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginStringClaim_sub="kafka-eagle";
# if your kafka cluster doesn't require it, you don't need to set it up
# cluster1.efak.sasl.client.id=

2.5.6 SSL

If you use this authentication(ssl), you need to make sure that your Kafka cluster version is after 2.x, EFAK system-config.properties file setting:

######################################
# kafka ssl authenticate
######################################
cluster3.efak.ssl.enable=true
cluster3.efak.ssl.protocol=SSL
# kafka server.properties "ssl.truststore.location" value
cluster3.efak.ssl.truststore.location=/data/kafka/ssl/certificates/kafka.truststore
# kafka server.properties "ssl.truststore.password" value
cluster3.efak.ssl.truststore.password=ke123456
# kafka server.properties "ssl.keystore.location" value
cluster3.efak.ssl.keystore.location=/data/kafka/ssl/certificates/kafka.keystore
# kafka server.properties "ssl.keystore.password" value
cluster3.efak.ssl.keystore.password=ke123456
# kafka server.properties "ssl.endpoint.identification.algorithm" value
cluster3.efak.ssl.endpoint.identification.algorithm=https
# kafka server.properties "ssl.key.password" value
cluster3.efak.ssl.key.password=ke123456

2.5.7 CGroups

When using permission authentication (such as SASL Or SSL), the user you are using only supports managing a limited number of kafka topics. You can enable the following properties:

# SASL
cluster1.efak.sasl.cgroup.enable=true
cluster1.efak.sasl.cgroup.topics=topic1,topic2,topic3
# SSL
cluster2.efak.ssl.cgroup.enable=true
cluster2.efak.ssl.cgroup.topics=topic4,topic5,topic6
Previous4.ConfigurationNext3.QuickStart

Last updated 2 years ago