Kerberos-based Security

Scenarios

Flink Kerberos configuration items must be configured in security mode.

Configuration Description

The configuration items include keytab, principal, and cookie of Kerberos.

Table 1 Parameters

Parameter	Description	Default Value	Mandatory
security.kerberos.login.keytab	Keytab file path. This parameter is a client parameter.	Configure the parameter based on actual service requirements.	Yes
security.kerberos.login.principal	A parameter on the client. If security.kerberos.login.keytab and security.kerberos.login.principal are both set, keytab certificate is used by default.	Configure the parameter based on actual service requirements.	No
security.kerberos.login.contexts	Contexts of the jass file generated by Flink. This parameter is a server parameter.	Client, KafkaClient	Yes
security.enable	Certificate enabling switch of the Flink internal module. This parameter is a client parameter.	This parameter is configured automatically according to the cluster installation mode. Security mode: The default value is true. Non-security mode: The default value is false.	Yes
security.cookie	Module certificate token. This parameter is a client parameter. It must be configured and cannot be left empty when security.enable is enabled.	Configure the parameter based on actual service requirements.	Yes

last updated: 2024-11-14 12:28 UTC - commit: 9d95be538b931742820cff066f12ce18f037ed96