Security Configuration Options
Describes Kafka Connect security parameters.
The following security parameters provide an authentication, encryption, and impersonation layer between the Kafka Connect REST API clients and the Kafka Connect REST Gateway.
These parameters are configurable in the connect-distributed.properties file:
/opt/mapr/kafka/kafka-<version>/config/connect-distributed.properties
NOTE: Ensure that both an ssl_keystore and ssl_truststore file have been created.
Parameter | Description | Type | Default |
---|---|---|---|
listeners | Comma-separated list of listeners that listen for API requests over either HTTP or HTTPS. If a listener uses HTTPS, the appropriate SSL configuration parameters need to be set as well. Each listener must include the protocol, hostname, and port. For example: http://localhost:8082 | list | none |
connect.enable.doAs | Specifies whether or not to enable impersonation for MapR Event Store For Apache Kafka topics. For this to take effect, PAM authentication must be enabled. | boolean | true |
authentication.method | Specifies whether or not to enable PAM authentication. Set to NONE to disable. | string | BASIC |
authentication.realm | Specifies the realm for PAM authentication. Set to an empty string ("") to disable PAM. Set to jpamLogin to enable authentication. | string | jpam |
ssl.cipher.suites | A comma-separated list of SSL cipher suites. Leave blank to use Jetty’s default. | list | none |
ssl.cipher.suites.exclude | A comma-separated list of disabled SSL cipher suites. | list | |
ssl.disabled.protocols | A comma-separated list of SSL protocols that will not be accepted from clients. | list | |
ssl.enabled.protocols | A comma-separated list of SSL protocols that can be accepted from clients. Leave blank to use Jetty’s defaults. | list | empty |
ssl.endpoint.identification.algorithm | The endpoint identification algorithm to validate the server hostname using the server certificate. IMPORTANT: Jetty requires that the key's CN, stored in the keystore, must match the FQDN if ssl_endpoint_identification_algorithm=https. Leave blank to use Jetty’s default. | string | none |
ssl.key.password | The password of the private key in the keystore file. If this parameter is not set, the property value is obtained from the ssl-client.xml file. | string | empty |
ssl.keymanager.algorithm | The algorithm used by the key manager factory for SSL connections. Leave blank to use Jetty’s default. | string | none |
ssl.keystore.location | Location of the keystore file. If this parameter is not set, the property value is obtained from the ssl-client.xml file. | string | empty |
ssl.keystore.password | The store password for the keystore file. If this parameter is not set, the property value is obtained from the ssl-client.xml file. | string | empty |
ssl.keystore.type | The type of keystore file. | string | JKS |
ssl.protocol | The SSL protocol used to generate the SslContextFactory. | string | TLSv1.2 |
ssl.provider | The SSL security provider name. Leave blank to use Jetty’s default. | string | none |
ssl.trustmanager.algorithm | The algorithm used by the trust manager factory for SSL connections. Leave blank to use Jetty’s default. | string | none |
ssl.truststore.location | Location of the trust store. Required only to authenticate HTTPS clients. | string | empty |
ssl.truststore.password | The store password for the trust store file. | string | empty |
ssl.truststore.type | The type of trust store file. | string | JKS |
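
The following added example (not part of the original documentation or the product) audits the text of a connect-distributed.properties file against the table above, applying the listed defaults for unset keys. The finding names, both sample files, the hostname, the keystore paths, and the list of legacy protocol versions are assumptions of the example.

```python
# Added example: finding names and both sample files are constructed.
DEFAULTS = {  # defaults as listed in the parameter table
    "connect.enable.doAs": "true",
    "authentication.method": "BASIC",
    "authentication.realm": "jpam",
}
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # assumption: deprecated versions
WEAK = """
listeners=http://localhost:8082
authentication.method=NONE
ssl.enabled.protocols=TLSv1,TLSv1.2
"""
HARDENED = """
listeners=https://connect.example.com:8082
authentication.realm=jpamLogin
ssl.enabled.protocols=TLSv1.2
ssl.keystore.location=/path/to/ssl_keystore
ssl.truststore.location=/path/to/ssl_truststore
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip().strip('"')
    return props

def audit(text):
    """Return sorted finding names for risky settings in the properties text."""
    cfg = {**DEFAULTS, **parse_properties(text)}
    findings = set()
    listeners = [l.strip().lower() for l in cfg.get("listeners", "").split(",")]
    if any(l.startswith("http://") for l in listeners):
        findings.add("PLAINTEXT_LISTENER")
    if cfg["authentication.method"].upper() == "NONE" or cfg["authentication.realm"] == "":
        findings.add("AUTH_DISABLED")
        if cfg["connect.enable.doAs"].lower() == "true":
            findings.add("DOAS_WITHOUT_AUTH")  # impersonation needs PAM to take effect
    if {p.strip() for p in cfg.get("ssl.enabled.protocols", "").split(",")} & LEGACY_PROTOCOLS:
        findings.add("LEGACY_PROTOCOL_ENABLED")
    if any(l.startswith("https://") for l in listeners) and not cfg.get("ssl.truststore.location"):
        findings.add("NO_TRUSTSTORE")  # HTTPS clients cannot be authenticated
    return sorted(findings)

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

The audit does not read ssl-client.xml, so keystore values that fall back to that file are not checked.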