Kafka Kerberos Account
Overview
You can use the Kafka Kerberos account type to connect the Confluent Kafka Snaps with data sources that use Kafka Kerberos accounts.
Account settings
- Expression icon (
): Allows using JavaScript
syntax to access SnapLogic Expressions to set field values dynamically (if enabled). If
disabled, you can provide a static value. Learn more. - SnapGPT (
): Generates SnapLogic Expressions
based on natural language using SnapGPT. Learn
more. - Suggestion icon (
): Populates a
list of values dynamically based on your Snap configuration.
You can select only one attribute at a time using the icon.
Type into the field if it supports a comma-separated list of values. - Upload
: Uploads files. Learn more.
| Field / Field set | Type | Description |
|---|---|---|
| Label | String |
Required.
Specify a unique label for the account.
Default value: N/A Example: Kafka Kerberos Account_89 |
| Bootstrap Servers | Use this field set to
configure the bootstrap servers. Click  to add a new row in this
table for configuring bootstrap servers. This field set contains the Bootstrap Server field. |
|
| Bootstrap Server | String/Expression |
Specify an ordered list of host:port pairs to establish the initial connection to the Kafka cluster.
Default value: N/A Example: ec2-55-334-44-55.compute-1.amazonaws.com:9000 |
| Schema Registry URL | String/Expression |
Specify the schema registry server URL.
Default value: N/A Example: http://ec2-55-334-44-88.compute-1.amazonaws.com:8000 |
| Advanced Kafka Properties | Use this field set to
specify any additional Kafka properties that are not explicitly
provided in the Snaps for connecting to the Kafka server. Note: The
Advanced Kafka Properties field enables you to define additional
Kafka properties. The properties that you provide here overwrite
any values defined by the Snap. All Kafka properties are
automatically defined by the Snap. These properties are passed
directly to the server and are not tested by SnapLogic, Inc.
This field set contains the following fields:
|
|
| Key | String/Expression |
Specify the key for any Kafka parameters that are not explicitly supported by the Snaps.
Default value: N/A Example: max.message.size |
| Value | String/Expression |
Specify the value for the corresponding key that is not explicitly supported by the Snaps.
Default value: N/A Example: 5MB |
| Security Protocol | String/Expression | Choose a security protocol that GSSAPI/Kerberos authentication
supports. The available options are:
Default value: SASL_PLAINTEXT Example: SASL_PLAINTEXT |
| Principal | String/Expression |
Required. Specify a unique name of a user or
service for authentication. Default value: N/A Example:User: testuser Service: kafka/testhost.example.com |
| Keytab | String/Expression |
Required.
Specify the path of the Kerberos Keytab file that includes the Principals.
Default value: N/A Example: /etc/security/keytabs/nn.service.keytab |
| Truststore Filepath | String/Expression | Provide the location of the Truststore file that is used to
authenticate the server. Note: Provide the location if the Security
Protocol is SASL_SSL and the certificate is not signed by
a Certificate Authority in the system’s Truststore. Default value: N/A Example: kafka.net.ssl.truststore |
| Truststore Password | String |
Specify the password to access the Truststore file, if used.
Default value: N/A Example: test1234 |
Additional Information
When connecting to a Kerberos-enabled Kafka server, you must enable the User Datagram Protocol (UDP) connections to Port 88 of the Key Distribution Center (KDC) service. To do so, follow these steps:
- Connect to the Snaplex node (on Windows or Linux).
- Navigate to the krb5.conf file.
- Edit the krb5.conf file using any text editor.
Note: Before you edit, take a backup of the current file.
- Navigate to the
[libdefaults]section. - Add the following entry in the krb5.conf file under
[libdefaults]:udp_preference_limit = 1 - Save and close the krb5.conf file.
- Restart the Snaplex node.
Troubleshooting
Read timed out (read timeout = 300)
Reason: The Kafka Kerberos account validation fails when you do not enable the UDP connections.
Resolution: Enable UDP connections by adding the following entry in the krb5.conf file under [libdefaults]:
udp_preference_limit = 1Refer to the Additional Information section for details.