brod_gssapi
is an authentication backend for
brod. brod_gssapi
makes it possible to
connect Brod to a Kafka cluster using the
SASL/GSSAPI (Kerberos) authentication method.
Please see the configuration section below for information about which Kafka
handshake versions that are supported. brod_gssapi
uses
sasl_auth, which is an Erlang wrapper
for a SASL/GSSAPI C library.
- Install the dependencies for
sasl_auth
. More information aboutsasl_auth
's dependencies can be found insasl_auth
's README.md file. - Add
brod_gssapi
as dependency to your top level project that usesbrod
. - Add
{sasl, {callback, brod_gssapi, {gssapi, Keytab, Principal}}}
to the brod client config.Keytab
should be the keytab file path, andPrincipal
should be a byte list or binary string.
The example/
directory in this repository contains a docker-compose
project
with Kerberos, Zookeeper, Kafka (with SASL/GSSAPI Kerberos authentication)
and a Brod client. The example/README.md
file describes how to run this
example. The code in example/brod_client/src/example.erl
sets up a Brod
client with SASL/GSSAPI (Kerberos) authentication and sends and receives
messages.
Please see sasl_auth
's README.md file
for information about what software you need to install before compiling and
using this plugin.
$ rebar3 compile
$ rebar3 ct
The example in the example/
directory also works as a test case. The
example/README.md
file describes how to run the example.
For version of Brod before 3.16.4 the handshake version used for authentication
with Kafka is not passed down to the brod_gssapi
plugin. By default,
brod_gssapi
will use the legacy
handshake version (the version used
before handshake version naming was introduced to Kafka). This can be changed
by configuring brod_gssapi
with the setting default_handshake_vsn
.
brod_gssapi
currently only supports the legacy
and 1
handshake versions. Handshake
version 0
is currently not supported. The setting can be changed both
programmatically with application:set_env(brod_gssapi, default_handshake_vsn, 1)
and by giving the following parameter to the Erlang command
-brod_gssapi default_handshake_vsn 1
.