kafka开启Kerberos使用方式

kafka SASL_PLAINTEXT
serviceName 配置： /etc/security/keytabs/kafka.service.keytab 对应的用户名

$ cat /home/sunxy/kafka/jaas25.conf
KafkaClient
{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
renewTicket=true
serviceName=“ocdp”
keyTab=“/home/sunxy/kafka/kafka.service.keytab”
storeKey=true
useTicketCache=false
principal=“ocdp/wf-gd2-bpit-dp-kafka-17-38@GOERTEK.COM”;
};
Client
{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab=“/home/sunxy/kafka/kafka.service.keytab”
storeKey=true
useTicketCache=false
serviceName=“ocdp”
principal=“ocdp/wf-gd2-bpit-dp-kafka-17-38@GOERTEK.COM”;
};

$ cat consumer.properties
security.protocol=SASL_PLAINTEXT
sasl.mechanism=GSSAPI
sasl.kerberos.service.name=ocdp

$ cat producer.properties
security.protocol=SASL_PLAINTEXT
sasl.mechanism=GSSAPI
sasl.kerberos.service.name=ocdp

开启debug： export KAFKA_OPTS=“-Dlog4j.debug=true -Dkafka.logs.dir=/path/to/logs”

export KAFKA_OPTS=“-Djava.security.auth.login.config=/home/sunxy/kafka/jaas25.conf”

/usr/dif/7.1.0-0/kafka/bin/
/opt/cloudera/parcels/CDH-6.3.1-1.cdh6.3.1.p0.1470567/lib/kafka/bin/

/usr/dif/7.1.0-0/kafka/bin/kafka-topics.sh --zookeeper wf-gd2-bpit-dp-nn-17-71:2181,wf-gd2-bpit-dp-nn-17-70:2181,wf-gd2-bpit-dp-nn-17-80:2181 --topic testtopic --replication-factor 3 --partitions 3 --create

/usr/dif/7.1.0-0/kafka/bin/kafka-topics.sh --zookeeper wf-gd2-bpit-dp-nn-17-71:2181,wf-gd2-bpit-dp-nn-17-70:2181,wf-gd2-bpit-dp-nn-17-80:2181 --list

/usr/dif/7.1.0-0/kafka/bin/kafka-console-producer.sh --broker-list 10.11.17.38:6667,10.11.17.39:6667,10.11.17.40:6667 --topic testtopic --producer.config /home/sunxy/kafka/producer.properties

/usr/dif/7.1.0-0/kafka/bin/kafka-console-consumer.sh --topic testtopic --bootstrap-server 10.11.17.38:6667,10.11.17.39:6667,10.11.17.40:6667 --from-beginning --max-messages 100 --consumer.config /home/sunxy/kafka/consumer.properties