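This has been solved, but it was a long time ago and I no longer remember how I fixed this problem. Here are roughly the steps to enable Kerberos for Zookeeper:
1. Edit conf/zookeeper.properties and add the following: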
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000
2. Create the Zookeeper authentication configuration file: vi conf/zookeeper_server_jass.conf
Server{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/etc/security/keytabs/zookeeper.keytab"
principal="zookeeper/xxx@EXAMPLE.COM";
};
3. Edit the startup script zookeeper-server-start.sh and add the following:
export KAFKA_OPTS="-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/DATA/kafka/config/zookeeper_jaas.conf"
The steps to start Kafka with Kerberos are as follows:
1. Edit the configuration file (vi conf/server.properties), adding or changing the following:
host=xxx.xxx.xxx.xxx
port=9092
listeners=SASL_PLAINTEXT://xxx.xxx.xxx.xxx:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=GSSAPI
sasl.enabled.mechanisms=GSSAPI
sasl.kerberos.service.name=kafka
advertised.host=xxx.xxx.xxx.xxx
advertised.port=9092
advertised.listeners=SASL_PLAINTEXT://xxx.xxx.xxx.xxx:9092
2. Create the Kafka authentication configuration file kafka_server_jaas.conf
KafkaServer {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/etc/security/keytabs/krb.keytab"
principal="kafka/xxxxxxxx@EXAMPLE.COM";
};
// Zookeeper client authentication
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/etc/security/keytabs/zookeeperclient.keytab"
principal="zookeeperclient/xxxxxxxx@EXAMPLE.COM";
};
3. Edit the startup script kafka-server-start.sh and add the following:
export KAFKA_OPTS="-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/DATA/kafka/config/kafka_server_jaas.conf"
Good luck.
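
A pre-start check for the setup in the steps above, added here as an example and not part of the original answer: it reads the JAAS file that KAFKA_OPTS actually points the JVM at, confirms the sections the process needs are present, and flags keytabs that are missing or readable by group/other. The function names and finding strings are hypothetical, and the parser assumes one login module per section.

```python
import os
import re
import stat

SECTION_RE = re.compile(r"(\w+)\s*\{(.*?)\}\s*;", re.S)
OPTION_RE = re.compile(r'(\w+)\s*=\s*"?([^"\s;]+)"?')
LOGIN_CONFIG_RE = re.compile(r"-Djava\.security\.auth\.login\.config=(\S+)")

def parse_jaas(text):
    """Return {section: {option: value}} for a JAAS login configuration."""
    text = re.sub(r"(?m)^\s*//.*$", "", text)  # drop // comment lines
    return {name: dict(OPTION_RE.findall(body))
            for name, body in SECTION_RE.findall(text)}

def login_config_path(kafka_opts):
    """Extract the JAAS file path the JVM will load from KAFKA_OPTS."""
    match = LOGIN_CONFIG_RE.search(kafka_opts)
    return match.group(1) if match else None

def audit_jaas(kafka_opts, required_sections):
    """Return a list of findings for the JAAS file referenced by KAFKA_OPTS."""
    path = login_config_path(kafka_opts)
    if not path or not os.path.isfile(path):
        return [f"login config not found: {path}"]
    with open(path, encoding="utf-8") as handle:
        sections = parse_jaas(handle.read())
    findings = []
    for name in required_sections:
        opts = sections.get(name)
        if opts is None:
            findings.append(f"{name}: section missing")
            continue
        if opts.get("useKeyTab") != "true" or "keyTab" not in opts:
            findings.append(f"{name}: no keytab login configured")
        elif not os.path.isfile(opts["keyTab"]):
            findings.append(f"{name}: keytab missing: {opts['keyTab']}")
        elif stat.S_IMODE(os.stat(opts["keyTab"]).st_mode) & 0o077:
            # a keytab holds long-term keys; only the service user should read it
            findings.append(f"{name}: keytab readable by group/other")
        if "@" not in opts.get("principal", ""):
            findings.append(f"{name}: principal has no realm")
    return findings

if __name__ == "__main__":
    # JAAS path as set in kafka-server-start.sh in the steps above
    kafka_opts = "-Djava.security.auth.login.config=/DATA/kafka/config/kafka_server_jaas.conf"
    for finding in audit_jaas(kafka_opts, ["KafkaServer", "Client"]):
        print(finding)
```

For the Zookeeper process, pass the KAFKA_OPTS value from zookeeper-server-start.sh and `["Server"]` as the required section.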