________________________________
From: ashish chauhan <ashishvit...@gmail.com>
Sent: Tuesday, April 3, 2018 4:16 AM
To: users@kafka.apache.org
Subject: Making a Window services for kafka having sasl and ssl configuration
I am trying to make a Windows service for Kafka having SASL and SSL
configuration to keep it always running when my machine starts. I am not
sure how to set the following at run time for SSL authentication,
configuring and setting the JVM parameter before making the Windows
service.
set KAFKA_OPTS=-Djava.security.auth.login.config=C:\kafka_2.11-0.10.0.1\kafka_2.11-0.10.0.1\config\kafka_server_jaas.conf
kafka-configs.bat --zookeeper localhost:2181 --alter --add-config "SCRAM-SHA-256=[iterations=8192,password=alice-secret],SCRAM-SHA-512=[password=alice-secret]" --entity-type users --entity-name alice
kafka-configs.bat --zookeeper localhost:2181 --alter --add-config "SCRAM-SHA-256=[iterations=8192,password=admin-secret],SCRAM-SHA-512=[password=admin-secret]" --entity-type users --entity-name admin
MG>so what you want is not -add-config but -addauth but read this first
MG>https://cwiki.apache.org/confluence/display/ZOOKEEPER/Client-Server+mutual+authentication
This guide describes how to enable secure communication between client and
server using SASL mechanism. ZooKeeper supports Kerberos or DIGEST-MD5 as your
authentication scheme.
addauth
The SASL authentication scheme differs from certain other schemes in that the
"addauth <scheme> <auth>" command has no effect if scheme is "sasl".
This is because authentication is performed using SASL-enabled token exchange
IMMEDIATELY after connection, rather than occurring any time after connection,
as addauth is.
MG>since you already have an established connection then -addauth fails
MG>does that conform to your findings?
Need some guidance in making such a Windows service.
Thanks and Regards
Ashish