General SASL/Keberos configuration

General SASL/Keberos configuration

This article describes how to configure a server connection with SASL and Kerberos correctly. 


Kadeck supports a variety of configurations when connecting to a server using SASL.

Supported security protocols



Supported SASL mechanisms



JAAS/SASL configuration

Kadeck supports one JAAS configuration for every cluster configuration.
  1. Select either SASL_PLAINTEXT or SASL_SSL from the security protocol drop-down menu on the cluster dialog.
  2. The SASL tab becomes active.
  3. Click on the SASL tab and enter the JAAS configuration in the "Jaas Config" input field.
The JAAS configuration should have the following format:
  1. <LoginModule> <flag> <LoginModule options>;

Example using ScramLoginModule:

  1. required username="user" password="password";

Kerberos (Krb5.conf) 

A JAAS configuration file, as in the following example, can be entered into the JAAS config input field as follows:

Original file / Krb5.conf (Kerberos)

KafkaClient { required
serviceName="kafka" };

JAAS config input field required doNotPrompt=true useTicketCache=true principal="kafka-user@MYCORP.NET" useKeyTab=true keyTab="/home/kafka-user/kafka-user.keytab" client=true serviceName="kafka";


Passing in a krb5.conf as startup parameter

The configuration via the SASL config input field is the preferred way and should normally be sufficient.

    • Related Articles

    • Startup Parameters / Environment variables

      The following list of startup parameters needs to be supplied through environment variables to the Kadeck Teams instance. Prefix "xeotek_kadeck_" required All values in the table need to be prefixed with 'xeotek_kadeck_', e.g. xeotek_kadeck_secret. ...
    • Mounting a keytab file

      If you need to specify a keytab file when running Kadeck on your local machine to connect to your Apache Kafka cluster, you need to create a volume containing the keytab of your certificate and mount it to your Docker container. Mounting the keytab ...
    • General upgrade information

      The process of upgrading a single, distributed, or clustered Kadeck Teams instance is straightforward. In many cases, you upgrade the software by installing the latest distribution over your existing installation. The following requirements must be ...
    • Connect to Amazon MSK

      This article describes how to connect Kadeck Teams and Kadeck Desktop to Amazon MSK. Important note: Connecting to Amazon MSK with Kadeck Teams is straight forward if Kadeck Teams is deployed inside the same VPC (e.g., as EC2 or ECS instance). Learn ...
    • Quota Management

      A quota can be applied to limit network and resource utilization for Kafka to only specific users and/or clients. To use user level quotas, authentication via Kerberos or TLS certificates must be enabled in your Apache Kafka setup. Note that ...