If your Kafka cluster has set security authentication, you need to set the corresponding security authentication information in EFAK.
SASL/GSSAPI (Kerberos)
SASL/PLAIN
SASL/SCRAM-SHA-256
SASL/OAUTHBEARER
SSL
CGROUPS (SASL & SSL)
2.5.2 Kerberos
EFAK system-config.properties file setting:
####################################### kafka sasl authenticate######################################cluster1.efak.sasl.enable=truecluster1.efak.sasl.protocol=SASL_PLAINTEXTcluster1.efak.sasl.mechanism=GSSAPIcluster1.efak.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab="/etc/security/keytabs/kafka_client.keytab" principal="kafka-eagle.org@EXAMPLE.COM";
# make sure there is a local ticket cache "klist -l" to view# cluster1.efak.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTicket=true serviceName="kafka-eagle.org";
# if your kafka cluster doesn't require it, you don't need to set it up# cluster1.efak.sasl.client.id=
2.5.3 PLAIN
EFAK system-config.properties file setting:
####################################### kafka sasl authenticate######################################cluster1.efak.sasl.enable=truecluster1.efak.sasl.protocol=SASL_PLAINTEXTcluster1.efak.sasl.mechanism=PLAINcluster1.efak.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="kafka-eagle";
# if your kafka cluster doesn't require it, you don't need to set it up# cluster1.efak.sasl.client.id=
2.5.4 SCRAM-SHA-256
EFAK system-config.properties file setting:
####################################### kafka sasl authenticate######################################cluster1.efak.sasl.enable=truecluster1.efak.sasl.protocol=SASL_PLAINTEXTcluster1.efak.sasl.mechanism=SCRAM-SHA-256cluster1.efak.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="kafka" password="kafka-eagle";
# if your kafka cluster doesn't require it, you don't need to set it up# cluster1.efak.sasl.client.id=
2.5.5 OAUTHBEARER
If you use this authentication, you need to make sure that your Kafka cluster version is after 2.x, EFAK system-config.properties file setting:
####################################### kafka sasl authenticate######################################cluster1.efak.sasl.enable=truecluster1.efak.sasl.protocol=SASL_PLAINTEXTcluster1.efak.sasl.mechanism=OAUTHBEARERcluster1.efak.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginStringClaim_sub="kafka-eagle";
# if your kafka cluster doesn't require it, you don't need to set it up# cluster1.efak.sasl.client.id=
2.5.6 SSL
If you use this authentication(ssl), you need to make sure that your Kafka cluster version is after 2.x, EFAK system-config.properties file setting:
When using permission authentication (such as SASL Or SSL), the user you are using only supports managing a limited number of kafka topics. You can enable the following properties:
