Tomasz Cy-man
Tomasz Cy-man

Reputation: 251

How to configurate kafka producer in C# with Kerberos

Hi i have a problem with connection to kafka on my server...

I have kafka on Linux server (with Kerberos), java client that is connection to it by adding in configuration keytab, principal (jaas config) and now i need to add similar config to c# app that will be produce some messages to kafka. C# app will work on Windows machine.

C# app is using Confluent.Kafka, connection to kafka that don`t have kerberos auth is very simple, im doing it like in https://github.com/confluentinc/confluent-kafka-dotnet

but now i need to configure it to connect to secured env...

So how to configure connection that will be use existing keytab file and principal?

I saw a lot of examples in java, but none working example of similar problem in C#

I would be grateful for any hint to go further with my problem

//update

it start working when I used config like:

        config = new Dictionary<string, object>
        {
            {"bootstrap.servers", KAFKA_BROKER_SERVERS},
            {"api.version.request", "true"},
            {"security.protocol", "SASL_PLAINTEXT"},
            {"sasl.kerberos.service.name", "kafka"},
            {"sasl.kerberos.principal", "myPrincaipal@REALM"},
            {"debug", "security,broker,protocol"}
        };

Upvotes: 1

Views: 5621

Answers (1)

Edenhill
Edenhill

Reputation: 3113

confluent-kafka-dotnet (or more precisely librdkafka, the underlying Kafka client implementation) will use Windows native SSPI for Kerberos authentication on Windows. This means you will not be able to use keytabs, etc, but instead rely on the logged on user's credentials on the Windows AD.

There's a community contributed guide here: https://github.com/edenhill/librdkafka/wiki/Using-SASL-with-librdkafka-on-Windows

Upvotes: 2

Related Questions