We can pass jaas conf by exporting below variable before starting the
kafka-acls.sh script. another option is to use AdminClient API.
export KAFKA_OPTS="-Djava.security.krb5.conf=/etc/krb5.conf
-Djava.security.auth.login.config=zk_client_jaas.conf"
zk_client_jaas.conf:
// Zookeeper client authentication
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/etc/security/keytabs/kafka_server.keytab"
principal="kafka/kafka1.hostname....@example.com";
};
On Thu, Aug 23, 2018 at 4:44 PM HG <hanspeter.sl...@gmail.com> wrote:
> Hi,
>
> I searched for an option with which I can provide credentials but I did not
> find them.
> Is there another way to reach the same goal?
> Regards Hans
>
> Op do 23 aug. 2018 om 13:00 schreef Manikumar <manikumar.re...@gmail.com>:
>
> > "kafka-acls.sh" script communicates directly with zookeeper.
> > We should run kafka-acls.sh as kafka user (super user) to get write
> > permission on zk.
> > We should pass required jaas conf to the script.
> >
> > On Thu, Aug 23, 2018 at 3:02 PM HG <hanspeter.sl...@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > I have an environment with SSL, SASL and ACL's enabled.
> > > When I set zookeeper.set_acl=true in the server.properties file of the
> > > brokers I cannot create topics , ACL's etc.
> > >
> > > [root@host201 kafka]# bin/kafka-acls.sh --authorizer-properties
> > > zookeeper.connect=localhost:2181 --add --allow-principal User:admin
> > > --operation All --topic '*' --cluster
> > > Error while executing ACL command: KeeperErrorCode = NoAuth for
> > > /kafka-acl/Topic
> > > org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
> > > NoAuth for /kafka-acl/Topic
> > > at
> > > org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
> > > ..
> > > I have specified super users too in the server.properties.
> > >
> > > Any idea's what I am doing wrong?
> > >
> > > Regards Hans
> > >
> >
>
