Kafka Kerberos Account
This page is no longer maintained (Nov 12, 2025). For the most current information, go to 
Kafka Kerberos Account.
In this article
Overview
You can use the Kafka Kerberos account type to connect the Confluent Kafka Snaps with data sources that use Kafka Kerberos accounts.
Prerequisites
None.
Limitations
None.
Known Issues
None.
Account Settings
Parameter | Data Type | Description | Default Value | Example |
|---|---|---|---|---|
Label | String | Required. Specify a unique label for the account. | N/A | Kafka Kerberos Account_89 |
Bootstrap Servers | Use this field set to configure the bootstrap servers. Click to add a new row in this table for configuring bootstrap servers. This field set contains the Bootstrap Server field. | |||
Bootstrap Server | String/Expression | Specify an ordered list of host:port pairs to establish the initial connection to the Kafka cluster. | N/A | ec2-55-334-44-55.compute-1.amazonaws.com:9000 |
Schema Registry URL | String/Expression | Specify the schema registry server URL. | N/A | http://ec2-55-334-44-88.compute-1.amazonaws.com:8000 |
Advanced Kafka Properties | Use this field set to specify any additional Kafka properties that are not explicitly provided in the Snaps for connecting to the Kafka server. The Advanced Kafka Properties field enables you to define additional Kafka properties. The properties that you provide here overwrite any values defined by the Snap. All Kafka properties are automatically defined by the Snap. These properties are passed directly to the server and are not tested by SnapLogic, Inc. This field set contains the following fields:
| |||
Key | String/Expression | Specify the key for any Kafka parameters that are not explicitly supported by the Snaps. | N/A | max.message.size |
Value | String/Expression | Specify the value for the corresponding key that are not explicitly supported by the Snaps. | N/A | 5MB |
Security Protocol | String/Expression | Choose a security protocol that GSSAPI/Kerberos authentication supports. The available options are:
| SASL_SSL | SASL_PLAINTEXT |
Principal | String/Expression | Required. Specify a unique name of a user or service for authentication. | N/A | User: testuser Service: kafka/testhost.example.com. |
Keytab | String/Expression | Required. Specify the path of the Kerberos Keytab file that includes the Principals. | N/A | /etc/security/keytabs/nn.service.keytab |
Truststore Filepath | String/Expression | Provide the location of the Truststore file that is used to authenticate the server. Provide the location if the Security protocol is SASL_SSL and the certificate is not signed by a Certificate Authority in the system's Truststore. | N/A | kafka.net.ssl.truststore |
Truststore Password | String | Specify the password to access the Truststore file, if used. | N/A | test1234 |
Additional Information
When connecting to a Kerberos-enabled Kafka server, you must enable the User Datagram Protocol (UDP) connections to Port 88 of the Key Distribution Center (KDC) service. To do so, follow these steps:
Connect to the Snaplex node (on Windows / Linux).
Navigate to the krb5.conf file.
Edit the krb5.conf file using any text editor.
Note: Before you edit, take a backup of the current file.Navigate to the [libdefaults] section.
Add the following entry in the krb5.conf file under [libdefaults].
udp_preference_limit = 1
Save and close the krb5.conf file.
Troubleshooting
Error | Reason | Resolution |
|---|---|---|
| The Kafka Kerberos account validation fails when you do not enable the UDP connections. | Enable UDP connections by adding the following entry in the
Refer to the Additional Information section for details. |
Related Content
Have feedback? Email documentation@snaplogic.com | Ask a question in the SnapLogic Community
© 2017-2025 SnapLogic, Inc.