Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
7.9 KiB
Kerberos-based Security
Scenarios
Flink Kerberos configuration items must be configured in security mode.
Configuration Description
The configuration items include keytab, principal, and cookie of Kerberos.
Parameter |
Description |
Default Value |
Mandatory |
---|---|---|---|
security.kerberos.login.keytab |
Keytab file path. This parameter is a client parameter. |
Configure the parameter based on actual service requirements. |
Yes |
security.kerberos.login.principal |
A parameter on the client. If security.kerberos.login.keytab and security.kerberos.login.principal are both set, keytab certificate is used by default. |
Configure the parameter based on actual service requirements. |
No |
security.kerberos.login.contexts |
Contexts of the jass file generated by Flink. This parameter is a server parameter. |
Client, KafkaClient |
Yes |
security.enable |
Certificate enabling switch of the Flink internal module. This parameter is a client parameter. |
This parameter is configured automatically according to the cluster installation mode.
|
Yes |
security.cookie |
Module certificate token. This parameter is a client parameter. It must be configured and cannot be left empty when security.enable is enabled. |
Configure the parameter based on actual service requirements. |
Yes |