Using librdkafka with Kerberos authentication in C++
1 Add the configuration:
# Use SASL plaintext
security.protocol=SASL_PLAINTEXT
# Broker service name
sasl.kerberos.service.name=$SERVICENAME
# Client keytab location
sasl.kerberos.keytab=/etc/security/keytabs/${CLIENT_NAME}.keytab
# sasl.kerberos.principal
sasl.kerberos.principal=${CLIENT_NAME}/${CLIENT_HOST}
There is no need to set sasl.kerberos.kinit.cmd; the documentation says the default command is: kinit -R -t "%{sasl.kerberos.keytab}" -k %{sasl.kerberos.principal} || kinit -t "%{sasl.kerberos.keytab}" -k %{sasl.kerberos.principal}
2 Install the packages on the Ubuntu client:
apt-get install libsasl2-modules-gssapi-mit
apt-get install libsasl2-dev
apt-get install krb5-user
apt-get install krb5-config
Set the environment variable KRB5_CONFIG=/***/krb5.conf
Copy krb5.conf to the /etc/ directory, replacing the original krb5.conf file.
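3 After connecting to Kafka, I got this error: Failed to initialize SASL authentication: SASL handshake failed (start (-1)): SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Included profile directory could not be read) (after 0ms in state AUTH_REQ)
The most important part of the error is "Included profile directory could not be read". After searching, I found that the krb5.conf file had an extra line at the top, includedir /etc/krb5.conf.d/. Delete that line. Because I was not sure which krb5.conf file is read by default, I removed the includedir line from all of the krb5.conf files.
4 Build the image; it runs successfully.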
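To see which krb5.conf is in effect and which include line cannot be read, rather than removing includedir from every copy, a check like the following can be run on the client or inside the image. It is an added example, not part of the original post; the function names are made up here, and it assumes the MIT Kerberos behaviour that KRB5_CONFIG (a colon-separated list of files) overrides the default /etc/krb5.conf.

```shell
#!/bin/sh
# Added diagnostic example, not from the original post.

# Print the krb5.conf files the Kerberos library will consult (assumption:
# the colon-separated list in KRB5_CONFIG if set, otherwise /etc/krb5.conf).
krb5_conf_files() {
    printf '%s\n' "${KRB5_CONFIG:-/etc/krb5.conf}" | tr ':' '\n'
}

# check_krb5_includes FILE
# Reports every include/includedir directive in FILE as
#   OK <path>       target exists and can be read
#   MISSING <path>  target is absent or unreadable
# Returns 0 if all targets are readable, 1 if any is not, 2 if FILE is unreadable.
check_krb5_includes() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "UNREADABLE $conf"
        return 2
    fi
    bad=0
    # read strips leading whitespace; "|| [ -n ... ]" keeps a last line without newline.
    while read -r directive target _rest || [ -n "$directive" ]; do
        case $directive in
            includedir)
                if [ -d "$target" ] && [ -r "$target" ] && [ -x "$target" ]; then
                    echo "OK $target"
                else
                    echo "MISSING $target"
                    bad=1
                fi ;;
            include)
                if [ -f "$target" ] && [ -r "$target" ]; then
                    echo "OK $target"
                else
                    echo "MISSING $target"
                    bad=1
                fi ;;
        esac
    done < "$conf"
    return "$bad"
}

# Check every effective krb5.conf; returns non-zero if any file has a problem.
check_all_krb5_conf() {
    rc=0
    for f in $(krb5_conf_files); do
        echo "== $f"
        check_krb5_includes "$f" || rc=1
    done
    return "$rc"
}
```

Source the file and call check_all_krb5_conf as the same user and with the same environment as the Kafka client, since directory permissions and KRB5_CONFIG can differ between a login shell and the container.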
References:
librdkafka: Configuration properties
Kerberos - Community Help Wiki
kinit: Included profile directory could not be read while initializing Kerberos 5 library - 爱码网
Using SASL with librdkafka · edenhill/librdkafka Wiki · GitHub