src-kafka/tests/kafkatest/services/security/templates/jaas.conf

/**
  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE
  * file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file
  * to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the
  * License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations under the License.
  */


KafkaClient {
{% if client_sasl_mechanism == "GSSAPI" %}
{% if is_ibm_jdk %}
    com.ibm.security.auth.module.Krb5LoginModule required debug=false
    credsType=both
    useKeytab="file:/mnt/security/keytab"
    principal="client@EXAMPLE.COM";
{% else %}
    com.sun.security.auth.module.Krb5LoginModule required debug=false
    doNotPrompt=true
    useKeyTab=true
    storeKey=true
    keyTab="/mnt/security/keytab"
    principal="client@EXAMPLE.COM";
{% endif %}
{% elif client_sasl_mechanism == "PLAIN" %}
	org.apache.kafka.common.security.plain.PlainLoginModule required
	username="client"
	password="client-secret";
{% endif %}

};

KafkaServer {
{% if "GSSAPI" in enabled_sasl_mechanisms %}
{% if is_ibm_jdk %}
    com.ibm.security.auth.module.Krb5LoginModule required debug=false
    credsType=both
    useKeytab="file:/mnt/security/keytab"
    principal="kafka/{{ node.account.hostname }}@EXAMPLE.COM";
{% else %}
    com.sun.security.auth.module.Krb5LoginModule required debug=false
    doNotPrompt=true
    useKeyTab=true
    storeKey=true
    keyTab="/mnt/security/keytab"
    principal="kafka/{{ node.account.hostname }}@EXAMPLE.COM";
{% endif %}
{% endif %}
{% if "PLAIN" in enabled_sasl_mechanisms %}
	org.apache.kafka.common.security.plain.PlainLoginModule required
	username="kafka"
	password="kafka-secret"
	user_client="client-secret"
	user_kafka="kafka-secret";
{% endif %}
};

{% if zk_sasl %}
Client {
{% if is_ibm_jdk %}
    com.ibm.security.auth.module.Krb5LoginModule required debug=false
    credsType=both
    useKeytab="file:/mnt/security/keytab"
    principal="zkclient@EXAMPLE.COM";
{% else %}
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/mnt/security/keytab"
   storeKey=true
   useTicketCache=false
   principal="zkclient@EXAMPLE.COM";
{% endif %}
};

Server {
{% if is_ibm_jdk %}
   com.ibm.security.auth.module.Krb5LoginModule required debug=false
   credsType=both
   useKeyTab="file:/mnt/security/keytab"
   principal="zookeeper/{{ node.account.hostname }}@EXAMPLE.COM";
{% else %}
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/mnt/security/keytab"
   storeKey=true
   useTicketCache=false
   principal="zookeeper/{{ node.account.hostname }}@EXAMPLE.COM";
{% endif %}
};
{% endif %}
KAFKA-2644; Run relevant ducktape tests with SASL_PLAINTEXT and SASL_SSL Run sanity check, replication tests and benchmarks with SASL/Kerberos using MiniKdc. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Geoff Anderson <geoff@confluent.io>, Jun Rao <junrao@gmail.com> Closes #358 from rajinisivaram/KAFKA-2644 9 years ago			`/**`
			`* Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE`
			`* file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file`
			`* to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the`
			`* License. You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on`
			`* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the`
			`* specific language governing permissions and limitations under the License.`
			`*/`


			`KafkaClient {`
KAFKA-2693: Ducktape tests for SASL/PLAIN and multiple mechanisms Run a sanity test with SASL/PLAIN and a couple of replication tests with SASL/PLAIN and multiple mechanisms. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Ismael Juma <ismael@juma.me.uk>, Ewen Cheslack-Postava <ewen@confluent.io> Closes #1282 from rajinisivaram/KAFKA-2693 9 years ago			`{% if client_sasl_mechanism == "GSSAPI" %}`
			`{% if is_ibm_jdk %}`
KAFKA-2644; Run relevant ducktape tests with SASL_PLAINTEXT and SASL_SSL Run sanity check, replication tests and benchmarks with SASL/Kerberos using MiniKdc. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Geoff Anderson <geoff@confluent.io>, Jun Rao <junrao@gmail.com> Closes #358 from rajinisivaram/KAFKA-2644 9 years ago			`com.ibm.security.auth.module.Krb5LoginModule required debug=false`
			`credsType=both`
			`useKeytab="file:/mnt/security/keytab"`
			`principal="client@EXAMPLE.COM";`
			`{% else %}`
			`com.sun.security.auth.module.Krb5LoginModule required debug=false`
			`doNotPrompt=true`
			`useKeyTab=true`
			`storeKey=true`
			`keyTab="/mnt/security/keytab"`
			`principal="client@EXAMPLE.COM";`
KAFKA-2693: Ducktape tests for SASL/PLAIN and multiple mechanisms Run a sanity test with SASL/PLAIN and a couple of replication tests with SASL/PLAIN and multiple mechanisms. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Ismael Juma <ismael@juma.me.uk>, Ewen Cheslack-Postava <ewen@confluent.io> Closes #1282 from rajinisivaram/KAFKA-2693 9 years ago			`{% endif %}`
			`{% elif client_sasl_mechanism == "PLAIN" %}`
			`org.apache.kafka.common.security.plain.PlainLoginModule required`
			`username="client"`
			`password="client-secret";`
			`{% endif %}`

KAFKA-2644; Run relevant ducktape tests with SASL_PLAINTEXT and SASL_SSL Run sanity check, replication tests and benchmarks with SASL/Kerberos using MiniKdc. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Geoff Anderson <geoff@confluent.io>, Jun Rao <junrao@gmail.com> Closes #358 from rajinisivaram/KAFKA-2644 9 years ago			`};`

			`KafkaServer {`
KAFKA-2693: Ducktape tests for SASL/PLAIN and multiple mechanisms Run a sanity test with SASL/PLAIN and a couple of replication tests with SASL/PLAIN and multiple mechanisms. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Ismael Juma <ismael@juma.me.uk>, Ewen Cheslack-Postava <ewen@confluent.io> Closes #1282 from rajinisivaram/KAFKA-2693 9 years ago			`{% if "GSSAPI" in enabled_sasl_mechanisms %}`
			`{% if is_ibm_jdk %}`
			`com.ibm.security.auth.module.Krb5LoginModule required debug=false`
			`credsType=both`
			`useKeytab="file:/mnt/security/keytab"`
			`principal="kafka/{{ node.account.hostname }}@EXAMPLE.COM";`
			`{% else %}`
KAFKA-2644; Run relevant ducktape tests with SASL_PLAINTEXT and SASL_SSL Run sanity check, replication tests and benchmarks with SASL/Kerberos using MiniKdc. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Geoff Anderson <geoff@confluent.io>, Jun Rao <junrao@gmail.com> Closes #358 from rajinisivaram/KAFKA-2644 9 years ago			`com.sun.security.auth.module.Krb5LoginModule required debug=false`
			`doNotPrompt=true`
			`useKeyTab=true`
			`storeKey=true`
			`keyTab="/mnt/security/keytab"`
			`principal="kafka/{{ node.account.hostname }}@EXAMPLE.COM";`
KAFKA-2693: Ducktape tests for SASL/PLAIN and multiple mechanisms Run a sanity test with SASL/PLAIN and a couple of replication tests with SASL/PLAIN and multiple mechanisms. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Ismael Juma <ismael@juma.me.uk>, Ewen Cheslack-Postava <ewen@confluent.io> Closes #1282 from rajinisivaram/KAFKA-2693 9 years ago			`{% endif %}`
			`{% endif %}`
			`{% if "PLAIN" in enabled_sasl_mechanisms %}`
			`org.apache.kafka.common.security.plain.PlainLoginModule required`
			`username="kafka"`
			`password="kafka-secret"`
			`user_client="client-secret"`
			`user_kafka="kafka-secret";`
			`{% endif %}`
KAFKA-2644; Run relevant ducktape tests with SASL_PLAINTEXT and SASL_SSL Run sanity check, replication tests and benchmarks with SASL/Kerberos using MiniKdc. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Geoff Anderson <geoff@confluent.io>, Jun Rao <junrao@gmail.com> Closes #358 from rajinisivaram/KAFKA-2644 9 years ago			`};`

KAFKA-2905: System test for rolling upgrade to enable ZooKeeper ACLs with SASL Author: flavio junqueira <fpj@apache.org> Reviewers: Ismael Juma, Geoff Anderson Closes #598 from fpj/KAFKA-2905 9 years ago			`{% if zk_sasl %}`
			`Client {`
KAFKA-2693: Ducktape tests for SASL/PLAIN and multiple mechanisms Run a sanity test with SASL/PLAIN and a couple of replication tests with SASL/PLAIN and multiple mechanisms. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Ismael Juma <ismael@juma.me.uk>, Ewen Cheslack-Postava <ewen@confluent.io> Closes #1282 from rajinisivaram/KAFKA-2693 9 years ago			`{% if is_ibm_jdk %}`
			`com.ibm.security.auth.module.Krb5LoginModule required debug=false`
			`credsType=both`
			`useKeytab="file:/mnt/security/keytab"`
			`principal="zkclient@EXAMPLE.COM";`
			`{% else %}`
			`com.sun.security.auth.module.Krb5LoginModule required`
			`useKeyTab=true`
			`keyTab="/mnt/security/keytab"`
			`storeKey=true`
			`useTicketCache=false`
			`principal="zkclient@EXAMPLE.COM";`
			`{% endif %}`
KAFKA-2905: System test for rolling upgrade to enable ZooKeeper ACLs with SASL Author: flavio junqueira <fpj@apache.org> Reviewers: Ismael Juma, Geoff Anderson Closes #598 from fpj/KAFKA-2905 9 years ago			`};`

			`Server {`
KAFKA-2693: Ducktape tests for SASL/PLAIN and multiple mechanisms Run a sanity test with SASL/PLAIN and a couple of replication tests with SASL/PLAIN and multiple mechanisms. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Ismael Juma <ismael@juma.me.uk>, Ewen Cheslack-Postava <ewen@confluent.io> Closes #1282 from rajinisivaram/KAFKA-2693 9 years ago			`{% if is_ibm_jdk %}`
			`com.ibm.security.auth.module.Krb5LoginModule required debug=false`
			`credsType=both`
			`useKeyTab="file:/mnt/security/keytab"`
			`principal="zookeeper/{{ node.account.hostname }}@EXAMPLE.COM";`
			`{% else %}`
			`com.sun.security.auth.module.Krb5LoginModule required`
			`useKeyTab=true`
			`keyTab="/mnt/security/keytab"`
			`storeKey=true`
			`useTicketCache=false`
			`principal="zookeeper/{{ node.account.hostname }}@EXAMPLE.COM";`
KAFKA-2644; Run relevant ducktape tests with SASL_PLAINTEXT and SASL_SSL Run sanity check, replication tests and benchmarks with SASL/Kerberos using MiniKdc. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Geoff Anderson <geoff@confluent.io>, Jun Rao <junrao@gmail.com> Closes #358 from rajinisivaram/KAFKA-2644 9 years ago			`{% endif %}`
KAFKA-2693: Ducktape tests for SASL/PLAIN and multiple mechanisms Run a sanity test with SASL/PLAIN and a couple of replication tests with SASL/PLAIN and multiple mechanisms. Author: Rajini Sivaram <rajinisivaram@googlemail.com> Reviewers: Ismael Juma <ismael@juma.me.uk>, Ewen Cheslack-Postava <ewen@confluent.io> Closes #1282 from rajinisivaram/KAFKA-2693 9 years ago			`};`
KAFKA-2905: System test for rolling upgrade to enable ZooKeeper ACLs with SASL Author: flavio junqueira <fpj@apache.org> Reviewers: Ismael Juma, Geoff Anderson Closes #598 from fpj/KAFKA-2905 9 years ago			`{% endif %}`