Overview
There are a multitude of ways to connect to Kafka brokers; while this provider currently supports authenticating with sasl_mechanism=plain/scram-sha512/scram-sha256, for security reasons some production Kafka brokers only enable authenticating with GSSAPI (full details here), thus the provider doesn't work for these Kafka clusters.
Looking at the IBM Sarama library, it already supports the GSSAPI SASL mechanism along with tuning GSSAPI-specific configurations (code snippet here), so it'll take some work but we won't have to reinvent the wheel.
Expected Behaviour
Apart from existing Kafka authentication methods, the provider should allow authenticating using GSSAPI for Kerberos too. Authenticating should support using a Kerberos keytab as well.
What to update
Within kafka/provider.go, add a couple of new fields to the provider definition and allow "GSSAPI" as an additional saslMechanism switch-case:
gssapi_keytab_path (string)
gssapi_username (string)
gssapi_realm (string)
gssapi_kerberos_config_path (string)
gssapi_disable_pafx_fast (bool)
Within kafka/config.go, add an additional switch-case for "GSSAPI" saslMechanism and configure the following for the sarama.Client class instance:
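A pre-flight check a provider could run on the proposed fields before passing them to Sarama, as an added example that is not part of the issue or the provider's code. The `GSSAPISettings` struct and `Validate` method are hypothetical names, and the keytab permission check assumes POSIX file modes.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// GSSAPISettings is a hypothetical struct mirroring the fields proposed in the issue.
type GSSAPISettings struct {
	KeytabPath         string // gssapi_keytab_path
	Username           string // gssapi_username
	Realm              string // gssapi_realm
	KerberosConfigPath string // gssapi_kerberos_config_path
	DisablePAFXFAST    bool   // gssapi_disable_pafx_fast (not checked here)
}

// Validate reports every problem found, so a single run shows them all.
func (s GSSAPISettings) Validate() error {
	var problems []string
	if strings.TrimSpace(s.Username) == "" {
		problems = append(problems, "gssapi_username must be set")
	}
	if strings.TrimSpace(s.Realm) == "" {
		problems = append(problems, "gssapi_realm must be set")
	}
	if _, err := os.Stat(s.KerberosConfigPath); err != nil {
		problems = append(problems, fmt.Sprintf("gssapi_kerberos_config_path: %v", err))
	}
	info, err := os.Stat(s.KeytabPath)
	switch {
	case err != nil:
		problems = append(problems, fmt.Sprintf("gssapi_keytab_path: %v", err))
	case !info.Mode().IsRegular():
		problems = append(problems, "gssapi_keytab_path: not a regular file")
	case info.Mode().Perm()&0o077 != 0:
		// A keytab holds long-term keys; whoever can read it can authenticate as the principal.
		problems = append(problems, fmt.Sprintf(
			"gssapi_keytab_path: mode %04o is accessible by group/other, want 0600", info.Mode().Perm()))
	}
	if len(problems) > 0 {
		return errors.New(strings.Join(problems, "; "))
	}
	return nil
}
func main() {
	s := GSSAPISettings{KeytabPath: "/etc/security/kafka.keytab", Username: "terraform",
		Realm: "EXAMPLE.COM", KerberosConfigPath: "/etc/krb5.conf"} // constructed placeholder values
	fmt.Println("validation result:", s.Validate())
}
```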