/** * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE * file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file * to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the * License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. */ {% if static_jaas_conf %} KafkaClient { {% endif %} {% if "GSSAPI" in client_sasl_mechanism %} {% if is_ibm_jdk %} com.ibm.security.auth.module.Krb5LoginModule required debug=false credsType=both useKeytab="file:/mnt/security/keytab" principal="client@EXAMPLE.COM"; {% else %} com.sun.security.auth.module.Krb5LoginModule required debug=false doNotPrompt=true useKeyTab=true storeKey=true keyTab="/mnt/security/keytab" principal="client@EXAMPLE.COM"; {% endif %} {% elif client_sasl_mechanism == "PLAIN" %} org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="client-secret"; {% elif "SCRAM-SHA-256" in client_sasl_mechanism or "SCRAM-SHA-512" in client_sasl_mechanism %} org.apache.kafka.common.security.scram.ScramLoginModule required username="{{ SecurityConfig.SCRAM_CLIENT_USER }}" password="{{ SecurityConfig.SCRAM_CLIENT_PASSWORD }}"; {% endif %} {% if static_jaas_conf %} }; KafkaServer { {% if "GSSAPI" in enabled_sasl_mechanisms %} {% if is_ibm_jdk %} com.ibm.security.auth.module.Krb5LoginModule required debug=false credsType=both useKeytab="file:/mnt/security/keytab" principal="kafka/{{ node.account.hostname }}@EXAMPLE.COM"; {% else %} com.sun.security.auth.module.Krb5LoginModule required debug=false doNotPrompt=true useKeyTab=true storeKey=true keyTab="/mnt/security/keytab" principal="kafka/{{ node.account.hostname }}@EXAMPLE.COM"; {% endif %} {% endif %} {% if "PLAIN" in enabled_sasl_mechanisms %} org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="kafka-secret" user_client="client-secret" user_kafka="kafka-secret"; {% endif %} {% if "SCRAM-SHA-256" in client_sasl_mechanism or "SCRAM-SHA-512" in client_sasl_mechanism %} org.apache.kafka.common.security.scram.ScramLoginModule required username="{{ SecurityConfig.SCRAM_BROKER_USER }}" password="{{ SecurityConfig.SCRAM_BROKER_PASSWORD }}"; {% endif %} }; {% if zk_sasl %} Client { {% if is_ibm_jdk %} com.ibm.security.auth.module.Krb5LoginModule required debug=false credsType=both useKeytab="file:/mnt/security/keytab" principal="zkclient@EXAMPLE.COM"; {% else %} com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="/mnt/security/keytab" storeKey=true useTicketCache=false principal="zkclient@EXAMPLE.COM"; {% endif %} }; Server { {% if is_ibm_jdk %} com.ibm.security.auth.module.Krb5LoginModule required debug=false credsType=both useKeyTab="file:/mnt/security/keytab" principal="zookeeper/{{ node.account.hostname }}@EXAMPLE.COM"; {% else %} com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="/mnt/security/keytab" storeKey=true useTicketCache=false principal="zookeeper/{{ node.account.hostname }}@EXAMPLE.COM"; {% endif %} }; {% endif %} {% endif %}