Using a Kerberos ticket cache to authenticate connector running on a stand-alone worker

Authenticate the DataStax Connector session using a Kerberos ticket with a worker that is running in stand-alone mode.

Authenticate the DataStax Apache Kafka™ Connector session using a Kerberos ticket with a worker that is running in stand-alone mode.

Procedure

  1. Put the Kerberos configuration file (krb5.conf) in /etc.
    Tip: To use an alternate location for the configuration file (other than the default location /etc), set the environment variable to point to the configuration file. See Using an alternate location for the Kerberos files.
  2. Add accounts to Kerberos and DataStax cluster:
    1. Add a service principal for the host where the connector is running in standalone mode. See Add principal.
    2. Add a DataStax login-role. See Adding roles for Kerberos principals.
    3. Allow write access to the DataStax tables by granting MODIFY permission on the table to the login role. See Controlling access to keyspaces and tables.
  3. Configure the connector as described in Configuring the DataStax Apache Kafka Connector using Kerberos authentication parameters.
  4. Get a Kerberos ticket by running kinit with the DataStax Kafka Connector principal:
    kinit datastaxconnector/kafka@EXAMPLE.COM
  5. Start the DataStax Connector. See Deploying the DataStax Connector in standalone mode.