一、文件
1、krb5.conf 2、monitor_jaas.conf 3、 monitor.keytab
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = localhost:88
admin_server = baspv02.ngsoc.lfk.360es.cn:749
[libdefaults]
default_realm = HADOOP.COM
dns_lookup_realm = false
dns_lookup_kdc = localhost:88
ticket_lifetime = 500d
renew_lifetime = 500d
forwardable = true
[realms]
HADOOP.COM = {
kdc = localhost:88
admin_server = localhost:749
default_domain = HADOOP.COM
}
设置参考:https://blog.csdn.net/dyq51/article/details/81363905
monitor_jaas.conf:
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="D:\\work\\workspace\\basp_monitor\\monitor\\config\\monitor.keytab"
principal="monitor@HADOOP.COM";
};
二、代码
// kerberos环境变量
System.setProperty("java.security.krb5.conf", "D:/work/workspace/basp_monitor/monitor/config/krb5.conf");
System.setProperty("java.security.auth.login.config", “D:/work/workspace/basp_monitor/monitor/config/monitor_jaas.conf”);
//kafka属性添加
props.put("sasl.kerberos.service.name", "kafka");
props.put("sasl.mechanism", "GSSAPI");
props.put("security.protocol", "SASL_PLAINTEXT");