General SASL/Keberos configuration

General SASL/Keberos configuration

This article describes how to configure a server connection with SASL and Kerberos correctly. 

Introduction

Kadeck supports a variety of configurations when connecting to a server using SASL.

Supported security protocols

SASL_PLAINTEXT
SASL_SSL

 

Supported SASL mechanisms

PLAIN
GSSAPI
SCRAM-SHA-256
SCRAM-SHA-512

 

JAAS/SASL configuration

Kadeck supports one JAAS configuration for every cluster configuration.
  1. Select either SASL_PLAINTEXT or SASL_SSL from the security protocol drop-down menu on the cluster dialog.
  2. The SASL tab becomes active.
  3. Click on the SASL tab and enter the JAAS configuration in the "Jaas Config" input field.
The JAAS configuration should have the following format:
  1. <LoginModule> <flag> <LoginModule options>;

Example using ScramLoginModule:

  1. org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="password";

Kerberos (Krb5.conf) 

A JAAS configuration file, as in the following example, can be entered into the JAAS config input field as follows:

Original file / Krb5.conf (Kerberos)

KafkaClient {
 com.sun.security.auth.module.Krb5LoginModule required
 doNotPrompt=true
 useTicketCache=true
 principal="kafka-user@MYCORP.NET"
 useKeyTab=true
 keyTab="/home/kafka-user/kafka-user.keytab"
 client=true
 serviceName="kafka"
};

JAAS config input field

com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=true useTicketCache=true principal="kafka-user@MYCORP.NET" useKeyTab=true keyTab="/home/kafka-user/kafka-user.keytab" client=true serviceName="kafka";

 

Passing in a krb5.conf as startup parameter

The configuration via the SASL config input field is the preferred way and should normally be sufficient.


    • Related Articles

    • Startup Parameters / Environment variables

      Note: All parameters must be prefixed with xeotek_kadeck_ (e.g., xeotek_kadeck_secret). The prefix is omitted below for readability. License teamid Your team ID (required) secret Your secret (required) Basic Configuration port The port through which ...

    • Startup Parameters / Environment variables

      The following list of startup parameters needs to be supplied through environment variables to the Kadeck Teams instance. Prefix "xeotek_kadeck_" required All values in the table need to be prefixed with 'xeotek_kadeck_', e.g. xeotek_kadeck_secret. ...

    • Connect to Digital Ocean

      This guide walks you through the steps to connect to a Kafka cluster on DigitalOcean using Kadeck. By following these instructions, you'll be able to set up a secure connection to your Kafka cluster and start managing your topics seamlessly. ...

    • Mounting a keytab file

      If you need to specify a keytab file when running Kadeck on your local machine to connect to your Apache Kafka cluster, you need to create a volume containing the keytab of your certificate and mount it to your Docker container. Mounting the keytab ...

    • General upgrade information

      The release notes moved to https://docs.kadeck.com/docs/platformupdates/2026/ The process of upgrading a single, distributed, or clustered Kadeck Teams instance is straightforward. In many cases, you upgrade the software by installing the latest ...