问题
I have setup the jaas config for kafka using sasl.jaas.config property. I want to update this config and add users dynamically.
As per this doc - http://kafka.apache.org/11/documentation.html#dynamicbrokerconfigs, we can do that by using bin/kafka-configs.sh.
The above doc has config column, which says as follow -
I have tried updating sasl.jaas.config with below command:
bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config sasl.jaas.config="KafkaServer {\n org.apache.kafka.common.security.plain.PlainLoginModule required\n username=\"myuser\"\n password=\"mypassword\";\n};\nClient {\n org.apache.zookeeper.server.auth.DigestLoginModule required\n username=\"myuser2\"\n password=\"mypassword2\";\n};"
But it gives me following error:
requirement failed: Invalid entity config: all configs to be added must be in the format "key=val"
If I look to above column, it says the format for value of sasl.jaas.config property is (=)*. What does this means?
How the value for 'sasl.jaas.config' should be passed to update jaas config dynamically?
回答1:
While it's possible to dynamically update sasl.jaas.config to add more users, the default Plain login module is not intended to be used in production.
Instead you should define callback handlers to handle authentication of users. This is described in the Kafka Sasl Plain docs.
Another option that requires more work (but give even more flexibility) is to create your own login module. The process is described in Can Kafka be provided with custom LoginModule to support LDAP?
Regarding the error message you get, this seems to be an issue with the kafka-config.sh tool. It's not expecting the config value to contain =. You should be able to update that config using the AdminClient API.
I couldn't find an existing issue in JIRA so created a new one: https://issues.apache.org/jira/browse/KAFKA-8010
来源:https://stackoverflow.com/questions/54900529/kafka-update-jaas-config-dynamically