Welcome to the new Parasoft forums! We hope you will enjoy the site and try out some of the new features, like sharing an idea you may have for one of our products or following a category.

JAAS Configuration KafkaClient Entry

Hello, I was trying to set up a kafka responder. I am getting an error message stating that:
"could not find a 'KafkaClient' entry in the JAAS Configuration. System property "java.security.auth.login.config' is in C/..../kerberos.config.

Can you please provide an example showing an KafkaClient entry. I am using key store authentication.
Thank you!

Tagged:

Answers

  • benken_parasoft
    benken_parasoft Posts: 1,302 ✭✭✭
    edited April 17

    The Apache Kafka extension is configured with properties. You provide the path to your properties file in the field named "Additional Settings File Path".

    All the Kafka configuration properties are described here:
    https://kafka.apache.org/documentation/#configuration

    More specifically, this describes JAAS configuration:
    https://kafka.apache.org/documentation/#security_jaas_client

    An example properties file:

    security.protocol=SASL_SSL
    sasl.mechanism=GSSAPI
    sasl.kerberos.service.name=kafka
    sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required \
        debug=true \
        doNotPrompt=true \
        useKeyTab=true \
        keyTab="./xxxxx.keytab" \
        storeKey=false \
        useTicketCache=true \
        renewTGT=false \
        principal="xxxx@DOMAIN";
    
  • benken_parasoft
    benken_parasoft Posts: 1,302 ✭✭✭

    For Kafka, you are only configuring the extension with additional settings properties like I described in my last comment. However, here is some related information about SOAtest and Kerberos that I've passed along before:

    SOAtest's Kerberos preferences can be used to set Java system properties that override the default realm and KDC server used by the JVM's Kerberos/JAAS framework. Otherwise, if you leave them blank (SOAtest 2022.2 and later), then the Kerberos/JAAS framework picks up the default realm and KDC automatically from the system, typically from the /etc/krb5.conf or C:\Windows\krb5.ini file. So, it is common to just leave those blank. Having the right realm and KDC configured on the system is also needed outside of SOAtest for running "kinit" command to cache a TGT (ticket-granting-ticket). To verify whether a TGT was cached you can run "klist" command or click the "Check ticket" button in the SOAtest preferences which is there as a convenience.

Tagged