Also available as:
loading table of contents...

Using Fastcapa in a Kerberized Environment

You can use the Fastcapa probe in a Kerberized environment. Follow these steps to use Fastcapa with Kerberos.


The following task assumes that you have configured the following values. If necessary, change these values to match your environment.

  • The Kafka broker is at kafka1:6667.

  • ZooKeeper is at zookeeper1:2181.

  • The Kafka security protocol is SASL_PLAINTEXT.

  • The keytab used is located at /etc/security/keytabs/metron.headless.keytab.

  • The service principal is metron@EXAMPLE.COM.

  1. Build Librdkafka with SASL support (--enable-sasl):

    wget  -O - | tar -xz
    cd librdkafka-0.9.4/
    ./configure --prefix=$RDK_PREFIX --enable-sasl
    make install
  2. Verify that Librdkafka supports SASL:

    $ examples/rdkafka_example -X builtin.features
    builtin.features = gzip,snappy,ssl,sasl,regex
  3. If Librdkafka does not support SASL, install libsasl or libsasl2. Use the following command to install libsasl on your CentOS environment:

    yum install -y cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi
  4. Grant access to your Kafka topic (in this example, named pcap):.

    $KAFKA_HOME/bin/ --authorizer \
      --authorizer-properties zookeeper.connect=zookeeper1:2181 \
      --add --allow-principal User:metron --topic pcap
  5. Obtain a Kerberos ticket:

    kinit -kt /etc/security/keytabs/metron.headless.keytab metron@EXAMPLE.COM
  6. Add the following additional configuration values to your Fastcapa configuration file:

    security.protocol = SASL_PLAINTEXT
    sasl.kerberos.keytab = /etc/security/keytabs/metron.headless.keytab
    sasl.kerberos.principal = metron@EXAMPLE.COM
  7. Run Fastcapa.