doc-exports/docs/mrs/component-operation-guide-lts/mrs_01_1574.html

<a name="mrs_01_1574"></a><a name="mrs_01_1574"></a>

<h1 class="topictitle1">Kerberos-based Security</h1>
<div id="body8662426"><div class="section" id="mrs_01_1574__en-us_topic_0000001219350445_s11ef75af20ba44d79007564875dbfe68"><h4 class="sectiontitle">Scenarios</h4><p id="mrs_01_1574__en-us_topic_0000001219350445_ab995a18a6f8a4e298f2ed0a71fe27a86">Flink Kerberos configuration items must be configured in security mode.</p>
</div>
<div class="section" id="mrs_01_1574__en-us_topic_0000001219350445_sce02c734e01e49e7847b71bc4279d078"><h4 class="sectiontitle">Configuration Description</h4><p id="mrs_01_1574__en-us_topic_0000001219350445_a627833aa44b54df0921bdf1b1b7a5f14">The configuration items include <strong id="mrs_01_1574__en-us_topic_0000001219350445_b397821803417">keytab</strong>, <strong id="mrs_01_1574__en-us_topic_0000001219350445_b1219592217346">principal</strong>, and <strong id="mrs_01_1574__en-us_topic_0000001219350445_b491516323349">cookie</strong> of Kerberos.</p>

<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1574__en-us_topic_0000001219350445_te1e4538537c04f1eb56c9bbedb7cf8c3" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters</caption><thead align="left"><tr id="mrs_01_1574__en-us_topic_0000001219350445_r10cf40024310477ebf18596ee7f5a4cb"><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.3.2.5.1.1"><p id="mrs_01_1574__en-us_topic_0000001219350445_aa93a418533c1443ebfdc23fae4eb41bd">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.3.2.5.1.2"><p id="mrs_01_1574__en-us_topic_0000001219350445_a4c5b6412857142428d06f0d493420ac1">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.3.2.5.1.3"><p id="mrs_01_1574__en-us_topic_0000001219350445_af35b094f4dab4042baacffed4761851d">Default Value</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.3.2.5.1.4"><p id="mrs_01_1574__en-us_topic_0000001219350445_a704f7c177f9c480498fcd6414e67e9c4">Mandatory</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1574__en-us_topic_0000001219350445_rabdcd490ea7345188069c088680c1daf"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a85b8f57889c04bcab6cd21acafaf152a">security.kerberos.login.keytab</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a957599187b304c0fa3f0eeadc628632b">Keytab file path. This parameter is a client parameter.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1574__en-us_topic_0000001219350445_ae60c228438c047a5bd830624baab8101">Configure the parameter based on actual service requirements.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a1d0ac504bf0f45ecac2da0c69cb86699">Yes</p>
</td>
</tr>
<tr id="mrs_01_1574__en-us_topic_0000001219350445_r691b0188c09a47e4bda5e5bfcdb2400c"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a24c32334b6204ccc8a4759a7d907873e">security.kerberos.login.principal</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1574__en-us_topic_0000001219350445_aea3aef0dd1b24ce18cad67080375153a">A parameter on the client. If <strong id="mrs_01_1574__en-us_topic_0000001219350445_b3973687971003">security.kerberos.login.keytab</strong> and <strong id="mrs_01_1574__en-us_topic_0000001219350445_b12591577801003">security.kerberos.login.principal</strong> are both set, keytab certificate is used by default.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1574__en-us_topic_0000001219350445_aba2ab78e52754af8a1a25a9b922442bf">Configure the parameter based on actual service requirements.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1574__en-us_topic_0000001219350445_aa45ce1f884154ac99ffcb143c14fb044">No</p>
</td>
</tr>
<tr id="mrs_01_1574__en-us_topic_0000001219350445_r988dee09f0984048a66e28e24cc7ea17"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a6616d9ebf0ad4e588055b4bae3a4079e">security.kerberos.login.contexts</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a4502001a5f4c43b2b1f45861317e4a5b">Contexts of the jass file generated by Flink. This parameter is a server parameter.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1574__en-us_topic_0000001219350445_adae4f86df499445b83c8415f87d22892">Client, KafkaClient</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a6c452d75bec145beb9b7e4d540eb5e29">Yes</p>
</td>
</tr>
<tr id="mrs_01_1574__en-us_topic_0000001219350445_ra12050e848ae4fba8b527c8312c57d18"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a5b55ad4b8d944f51b08d6ce055538f8d">security.enable</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1574__en-us_topic_0000001219350445_ada3fd4053af24655be7770337a02ad81">Certificate enabling switch of the Flink internal module. This parameter is a client parameter.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a432f0963042e453d95eaa473a7d940d8">This parameter is configured automatically according to the cluster installation mode.</p>
<ul id="mrs_01_1574__en-us_topic_0000001219350445_u05b4d0770da74c988d7b4d03bf3b6594"><li id="mrs_01_1574__en-us_topic_0000001219350445_ld3843dfbf4b743f79dcfaa5496888f89">Security mode: The default value is <strong id="mrs_01_1574__en-us_topic_0000001219350445_b16369560681003">true</strong>.</li><li id="mrs_01_1574__en-us_topic_0000001219350445_ld51a29f10f2b42e48295a07c493b43ec">Non-security mode: The default value is <strong id="mrs_01_1574__en-us_topic_0000001219350445_b11630540741003">false</strong>.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a46e18c1cc7294d7e81cbf9905adcf99a">Yes</p>
</td>
</tr>
<tr id="mrs_01_1574__en-us_topic_0000001219350445_r83ebd8e810e8427e93fa4b49b76ce7f0"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.1 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a29c663b5c31f4c1e9b4b566b714d36cc">security.cookie</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.2 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a3345957d66a747d28567fbfc9c5a2d0d">Module certificate token. This parameter is a client parameter. It must be configured and cannot be left empty when <strong id="mrs_01_1574__en-us_topic_0000001219350445_b16464395721003">security.enable</strong> is enabled.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.3 "><p id="mrs_01_1574__en-us_topic_0000001219350445_aa19c89d143884df19513a0c91fa79e0d">Configure the parameter based on actual service requirements.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.3.2.5.1.4 "><p id="mrs_01_1574__en-us_topic_0000001219350445_a896e5a8f01dc401e8a8b0afae5b9efc6">Yes</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0592.html">Flink Configuration Management</a></div>
</div>
</div>