Uploaded image for project: 'Observability and Data Analysis Program'
  1. Observability and Data Analysis Program
  2. OBSDA-53

Add support for using Kerberos authentication for Kafka inside the Log Forwarding API


    • False
    • False
    • 0% To Do, 0% In Progress, 100% Done
    • Undefined
    • 0

      What is the problem that your customer is facing?

      My customer needs to forward logs to Kafka and their security requirements are to use Kerberos, using mTLS so far has not been an option. Also it appears in the Kafka documentation that you are only allowed SASL or mTLS still verifying this with Verizon. To set this up they will have to manually work with Fluentd in an unsupported manner

      What is the business impact, if any, if this request will not be made available?

      <<Please detail any impact on the 'what happens if not delivered' so that
      we can better make judgement of the priority for this request.>>

      What are your expectations for this feature

      Secured Apache Kafka clusters can be configured to enforce authentication using different methods, including the following:

      • SSL – TLS client authentication
      • SASL/GSSAPI – Kerberos authentication
      • SASL/PLAIN – LDAP and file-based authentication
      • SASL/SCRAM-SHA-256 and SASL/SCRAM-SHA-512

      The expectation is to be able to also configure Kerberos and not just mTLS.

      Have you done this before and/or outside of support and if yes, how? (Optional)

      <<Please add any information on how you have done that so far or any ideas
      you'd like to share with us.>>

            jamparke@redhat.com Jamie Parker
            rhn-support-dlawrenc Darren Lawrence
            2 Vote for this issue
            8 Start watching this issue