In this article

Overview

You can use the Kafka Kerberos account type to connect the Confluent Kafka Snaps with data sources that use Kafka Kerberos accounts.

Prerequisites

None.

Limitations

None.

Known Issues

None.

Account Settings

SnapLogic Documentation > Kafka Kerberos Account > kafka-kereberos-account-overview.png

Parameter

Data Type

Description

Default Value

Example

Label

String

Required. Specify a unique label for the account.

N/A

Kafka Kerberos Account_89

Bootstrap Servers

Use this field set to configure the bootstrap servers. Click to add a new row in this table for configuring bootstrap servers.

This field set contains the Bootstrap Server field.

Bootstrap Server

String/Expression

Specify an ordered list of host:port pairs to establish the initial connection to the Kafka cluster.

N/A

ec2-55-334-44-55.compute-1.amazonaws.com:9000

Schema Registry URL

String/Expression

Specify the schema registry server URL.

N/A

http://ec2-55-334-44-88.compute-1.amazonaws.com:8000

Advanced Kafka Properties

Use this field set to specify any additional Kafka properties that are not explicitly provided in the Snaps for connecting to the Kafka server.

The Advanced Kafka Properties field enables you to define additional Kafka properties. The properties that you provide here overwrite any values defined by the Snap. All Kafka properties are automatically defined by the Snap. These properties are passed directly to the server and are not tested by SnapLogic, Inc.

This field set contains the following fields:

Key
Value

Key

String/Expression

Specify the key for any Kafka parameters that are not explicitly supported by the Snaps.

N/A

max.message.size

Value

String/Expression

Specify the value for the corresponding key that are not explicitly supported by the Snaps.

N/A

5MB

Security Protocol

String/Expression

Choose a security protocol that GSSAPI/Kerberos authentication supports.

The available options are:

SASL_SSL
SASL_PLAINTEXT

SASL_SSL

SASL_PLAINTEXT

Principal

String/Expression

Required. Specify a unique name of a user or service for authentication.

N/A

User: testuser

Service: kafka/testhost.example.com.

Keytab

String/Expression

Required. Specify the path of the Kerberos Keytab file that includes the Principals.

N/A

/etc/security/keytabs/nn.service.keytab

Truststore Filepath

String/Expression

Provide the location of the Truststore file that is used to authenticate the server.

Provide the location if the Security protocol is SASL_SSL and the certificate is not signed by a Certificate Authority in the system's Truststore.

N/A

kafka.net.ssl.truststore

Truststore Password

String

Specify the password to access the Truststore file, if used.

N/A

test1234

Additional Information

When connecting to a Kerberos-enabled Kafka server, you must enable the User Datagram Protocol (UDP) connections to Port 88 of the Key Distribution Center (KDC) service. To do so, follow these steps:

Connect to the Snaplex node (on Windows / Linux).
Navigate to the krb5.conf file.
Edit the krb5.conf file using any text editor.
Note: Before you edit, take a backup of the current file.
Navigate to the [libdefaults] section.
Add the following entry in the krb5.conf file under [libdefaults].
udp_preference_limit = 1
Save and close the krb5.conf file.
Restart the Snaplex node.

Troubleshooting

Error Reason Resolution

Read timed out (read timeout = 300)

The Kafka Kerberos account validation fails when you do not enable the UDP connections.

Enable UDP connections by adding the following entry in the krb5.conf file under [libdefaults].

udp_preference_limit = 1

Refer to the Additional Information section for details.

Overview

Prerequisites

Limitations

Known Issues

Account Settings

Additional Information

Troubleshooting

Related Content