tests/kafkatest/services/security/templates/jaas.conf

/**
  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE
  * file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file
  * to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the
  * License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations under the License.
  */


KafkaClient {
{% if client_sasl_mechanism == "GSSAPI" %}
{% if is_ibm_jdk %}
    com.ibm.security.auth.module.Krb5LoginModule required debug=false
    credsType=both
    useKeytab="file:/mnt/security/keytab"
    principal="client@EXAMPLE.COM";
{% else %}
    com.sun.security.auth.module.Krb5LoginModule required debug=false
    doNotPrompt=true
    useKeyTab=true
    storeKey=true
    keyTab="/mnt/security/keytab"
    principal="client@EXAMPLE.COM";
{% endif %}
{% elif client_sasl_mechanism == "PLAIN" %}
	org.apache.kafka.common.security.plain.PlainLoginModule required
	username="client"
	password="client-secret";
{% endif %}

};

KafkaServer {
{% if "GSSAPI" in enabled_sasl_mechanisms %}
{% if is_ibm_jdk %}
    com.ibm.security.auth.module.Krb5LoginModule required debug=false
    credsType=both
    useKeytab="file:/mnt/security/keytab"
    principal="kafka/{{ node.account.hostname }}@EXAMPLE.COM";
{% else %}
    com.sun.security.auth.module.Krb5LoginModule required debug=false
    doNotPrompt=true
    useKeyTab=true
    storeKey=true
    keyTab="/mnt/security/keytab"
    principal="kafka/{{ node.account.hostname }}@EXAMPLE.COM";
{% endif %}
{% endif %}
{% if "PLAIN" in enabled_sasl_mechanisms %}
	org.apache.kafka.common.security.plain.PlainLoginModule required
	username="kafka"
	password="kafka-secret"
	user_client="client-secret"
	user_kafka="kafka-secret";
{% endif %}
};

{% if zk_sasl %}
Client {
{% if is_ibm_jdk %}
    com.ibm.security.auth.module.Krb5LoginModule required debug=false
    credsType=both
    useKeytab="file:/mnt/security/keytab"
    principal="zkclient@EXAMPLE.COM";
{% else %}
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/mnt/security/keytab"
   storeKey=true
   useTicketCache=false
   principal="zkclient@EXAMPLE.COM";
{% endif %}
};

Server {
{% if is_ibm_jdk %}
   com.ibm.security.auth.module.Krb5LoginModule required debug=false
   credsType=both
   useKeyTab="file:/mnt/security/keytab"
   principal="zookeeper/{{ node.account.hostname }}@EXAMPLE.COM";
{% else %}
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/mnt/security/keytab"
   storeKey=true
   useTicketCache=false
   principal="zookeeper/{{ node.account.hostname }}@EXAMPLE.COM";
{% endif %}
};
{% endif %}