Administration
Also available as:
PDF
loading table of contents...

Using Fastcapa in a Kerberized Environment

You can use the Fastcapa probe in a Kerberized environment. Follow these steps to use Fastcapa with Kerberos.

Prerequisites

The following task assumes that you have configured the following values. If necessary, change these values to match your environment.

  • The Kafka broker is at kafka1:6667.

  • ZooKeeper is at zookeeper1:2181.

  • The Kafka security protocol is SASL_PLAINTEXT.

  • The keytab used is located at /etc/security/keytabs/metron.headless.keytab.

  • The service principal is metron@EXAMPLE.COM.

  1. Build Librdkafka with SASL support (--enable-sasl):

    wget https://github.com/edenhill/librdkafka/archive/v0.9.4.tar.gz  -O - | tar -xz
    cd librdkafka-0.9.4/
    ./configure --prefix=$RDK_PREFIX --enable-sasl
    make 
    make install
    
  2. Verify that Librdkafka supports SASL:

    $ examples/rdkafka_example -X builtin.features
    builtin.features = gzip,snappy,ssl,sasl,regex
    
  3. If Librdkafka does not support SASL, install libsasl or libsasl2. Use the following command to install libsasl on your CentOS environment:

    yum install -y cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi
    
  4. Grant access to your Kafka topic (in this example, named pcap):.

    $KAFKA_HOME/bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer \
      --authorizer-properties zookeeper.connect=zookeeper1:2181 \
      --add --allow-principal User:metron --topic pcap
    
  5. Obtain a Kerberos ticket:

    kinit -kt /etc/security/keytabs/metron.headless.keytab metron@EXAMPLE.COM
    
  6. Add the following additional configuration values to your Fastcapa configuration file:

    security.protocol = SASL_PLAINTEXT
    sasl.kerberos.keytab = /etc/security/keytabs/metron.headless.keytab
    sasl.kerberos.principal = metron@EXAMPLE.COM
    
  7. Run Fastcapa.