Using a Kerberos ticket cache to authenticate connector running on a stand-alone worker
Authenticate the DataStax Connector session using a Kerberos ticket with a worker that is running in stand-alone mode.
Authenticate the DataStax Apache Kafka™ Connector session using a Kerberos ticket with a worker that is running in stand-alone mode.
Procedure
-
Put the Kerberos configuration file (krb5.conf) in
/etc.
Tip: To use an alternate location for the configuration file (other than the default location
/etc
), set the environment variable to point to the configuration file. See Using an alternate location for the Kerberos files. -
Add accounts to Kerberos and the cluster:
- Add a service principal for the host where the connector is running in standalone mode. See Add principal.
- Add a login-role. See Adding roles for Kerberos principals.
-
Allow write access to the tables by granting
MODIFY
permission on the table to the login role. See Controlling access to keyspaces and tables.
- Configure the connector as described in Configuring the DataStax Apache Kafka Connector using Kerberos authentication parameters.
-
Get a Kerberos ticket by running
kinit
with the DataStax Apache Kafka Connector principal:kinit datastaxconnector/kafka@EXAMPLE.COM
- Start the DataStax Apache Kafka Connector. See Deploying the DataStax Connector in standalone mode.