0

This is not really a programming question - rather one about different implementation options.

I'm trying to stream data to a Message Hub on Bluemix using the Kafka connector in DataStage. The connector stage only let's me choose Kerberos for authentication. Problem is, I don't have a Kerberos server at the moment, I don't think I can set one up in Bluemix and Bluemix / Message Hub definitely requires some form of authentication, so I can't just set the authentication in DataStage to 'No' (among other reasons).

At this point, my questions are basically:

1.) Is it even possible to authorize somebody for the Message Hub service on Bluemix through a Kerberos server, that is not on Bluemix?

2.) Given that either one is possible, a Bluemix-based Kerberos server or an "external" one: As far as I understand, Kerberos can only grant access to certain services on a server. Am I right in assuming, that the Bluemix Message Hub credentials would then be part of the TGS (Ticket Granting Server) reply to the client?

3.) In case, the Kerberos approach doesn't work at all: Does it make sense to configure the consumer, producer and jaas config files on our DataStage server similar to this: https://www.youtube.com/watch?v=tt-bLtFzC_4 (around the 1:40 mark) to have a static connection as an intermediate solution? (Rightfully you might ask: "Why hasn't he tried himself?" - Well, unfortunately, I'm not the server admin...)

4.) If both ideas are perfect nonsense, how would you try to solve this?

One more thing: Unfortunately, using the REST API is currently not an option (Hopefully will be an option soon though...).

halfer
  • 18,701
  • 13
  • 79
  • 158
Jan
  • 1
  • 2
  • Hi Jan, welcome to stackoverflow. I've recently been through Datastage consuming from Messagehub - reach out to me on linked in and I'll share my progress with you along with some prototype code - https://www.linkedin.com/in/csnowuk/. My rough approach can be see [here](https://stackoverflow.com/questions/46090731/can-multiple-output-rows-be-created-in-the-process-method-for-a-java-client) – Chris Snow Sep 13 '17 at 07:13
  • I can't answer the Datastage questions, but for 1) Message Hub does not support authentication using Kerberos. The only supported method is SASL Plain – Mickael Maison Sep 13 '17 at 08:43
  • @ChrisSnow: would you be able to write an answer here? That will potentially benefit many future readers, rather than just one. – halfer Sep 13 '17 at 11:18
  • @halfer I'm still at the experimentation stage, so I'm not able to provide an authoritative answer yet. – Chris Snow Sep 13 '17 at 13:12
  • Fair enough @Chris. Just a thought: if you wish, you can still jot down your experimental material here, and mark it as experimental - the litmus test is whether it would be useful for others. Exposing it here may give you feedback as to whether you're doing it right too. – halfer Sep 13 '17 at 13:15
  • Thanks a lot for your quick responses! After spending another 1.5 days on this, I start having serious doubts about a Datastage based solution...currently I'm leaning towards a NodeJS solution, because then everything will be on Bluemix - even if it means more coding. @Chris: I'll contact you in the next couple of days. – Jan Sep 13 '17 at 20:08

0 Answers0