ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json - ambari - Git at Google

 {
   "services": [
     {
       "name": "KAFKA",
       "identities": [
         {
           "name": "/smokeuser"
         }
       ],
       "configurations": [
         {
           "kafka-broker": {
               "authorizer.class.name": "kafka.security.auth.SimpleAclAuthorizer",
               "principal.to.local.class":"kafka.security.auth.KerberosPrincipalToLocal",
               "super.users": "user:${kafka-env/kafka_user}",
               "security.inter.broker.protocol": "PLAINTEXTSASL",
               "zookeeper.set.acl": "true"
           }
         },
         {
           "ranger-kafka-audit": {
             "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
             "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
             "xasecure.audit.jaas.Client.option.useKeyTab": "true",
             "xasecure.audit.jaas.Client.option.storeKey": "false",
             "xasecure.audit.jaas.Client.option.serviceName": "solr",
             "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
           }
         }
       ],
       "components": [
         {
           "name": "KAFKA_BROKER",
           "identities": [
             {
               "name": "kafka_broker",
               "principal": {
                 "value": "${kafka-env/kafka_user}/_HOST@${realm}",
                 "type": "service",
                 "configuration": "kafka-env/kafka_principal_name"
               },
               "keytab": {
                 "file": "${keytab_dir}/kafka.service.keytab",
                 "owner": {
                   "name": "${kafka-env/kafka_user}",
                   "access": "r"
                 },
                 "group": {
                   "name": "${cluster-env/user_group}",
                   "access": ""
                 },
                 "configuration": "kafka-env/kafka_keytab"
               }
             },
             {
               "name": "/KAFKA/KAFKA_BROKER/kafka_broker",
               "principal": {
                 "configuration": "ranger-kafka-audit/xasecure.audit.jaas.Client.option.principal"
               },
               "keytab": {
                 "configuration": "ranger-kafka-audit/xasecure.audit.jaas.Client.option.keyTab"
               }
             }
           ]
         }
       ]
     }
   ]
 }
	{
	"services": [
	{
	"name": "KAFKA",
	"identities": [
	{
	"name": "/smokeuser"
	}
	],
	"configurations": [
	{
	"kafka-broker": {
	"authorizer.class.name": "kafka.security.auth.SimpleAclAuthorizer",
	"principal.to.local.class":"kafka.security.auth.KerberosPrincipalToLocal",
	"super.users": "user:${kafka-env/kafka_user}",
	"security.inter.broker.protocol": "PLAINTEXTSASL",
	"zookeeper.set.acl": "true"
	}
	},
	{
	"ranger-kafka-audit": {
	"xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
	"xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
	"xasecure.audit.jaas.Client.option.useKeyTab": "true",
	"xasecure.audit.jaas.Client.option.storeKey": "false",
	"xasecure.audit.jaas.Client.option.serviceName": "solr",
	"xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
	}
	}
	],
	"components": [
	{
	"name": "KAFKA_BROKER",
	"identities": [
	{
	"name": "kafka_broker",
	"principal": {
	"value": "${kafka-env/kafka_user}/_HOST@${realm}",
	"type": "service",
	"configuration": "kafka-env/kafka_principal_name"
	},
	"keytab": {
	"file": "${keytab_dir}/kafka.service.keytab",
	"owner": {
	"name": "${kafka-env/kafka_user}",
	"access": "r"
	},
	"group": {
	"name": "${cluster-env/user_group}",
	"access": ""
	},
	"configuration": "kafka-env/kafka_keytab"
	}
	},
	{
	"name": "/KAFKA/KAFKA_BROKER/kafka_broker",
	"principal": {
	"configuration": "ranger-kafka-audit/xasecure.audit.jaas.Client.option.principal"
	},
	"keytab": {
	"configuration": "ranger-kafka-audit/xasecure.audit.jaas.Client.option.keyTab"
	}
	}
	]
	}
	]
	}
	]
	}