[jira] [Updated] (FLINK-6713) Document how to allow multiple Kafka consumers / producers to authenticate using different credentials

Fri, 24 Dec 2021 14:45:46 -0800 


     [ 
https://issues.apache.org/jira/browse/FLINK-6713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Flink Jira Bot updated FLINK-6713:
----------------------------------
    Labels: auto-deprioritized-major auto-unassigned stale-minor  (was: 
auto-deprioritized-major auto-unassigned)

I am the [Flink Jira Bot|https://github.com/apache/flink-jira-bot/] and I help 
the community manage its development. I see this issues has been marked as 
Minor but is unassigned and neither itself nor its Sub-Tasks have been updated 
for 180 days. I have gone ahead and marked it "stale-minor". If this ticket is 
still Minor, please either assign yourself or give an update. Afterwards, 
please remove the label or in 7 days the issue will be deprioritized.


> Document how to allow multiple Kafka consumers / producers to authenticate 
> using different credentials
> ------------------------------------------------------------------------------------------------------
>
>                 Key: FLINK-6713
>                 URL: https://issues.apache.org/jira/browse/FLINK-6713
>             Project: Flink
>          Issue Type: Improvement
>          Components: Connectors / Kafka, Documentation
>            Reporter: Tzu-Li (Gordon) Tai
>            Priority: Minor
>              Labels: auto-deprioritized-major, auto-unassigned, stale-minor
>
> The doc improvements should include:
> 1. Clearly state that the built-in JAAS security module in Flink is a JVM 
> process-wide static JAAS file installation (all static JAAS files are, not 
> Flink specific), and therefore only allows all Kafka consumers and producers 
> in a single JVM (and therefore the whole job, since we do not allow assigning 
> operators to specific slots) to authenticate as one single user.
> 2. If Kerberos authentication is used: self-ship multiple keytab files, and 
> use Kafka's dynamic JAAS configuration through client properties to point to 
> separate keytabs for each consumer / producer. Note that ticket cache would 
> never work for multiple authentications.
> 3. If plain simple login is used: Kafka's dynamic JAAS configuration should 
> be used (and is the only way to do so).



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to