I have Kerberos authentication enabled in Kafka, can I authenticate through the plugin proxy?

[mpv945]

The client program uses Spring Boot3 to integrate the Kafka SDK. Now that Kafka authentication has been changed to Kerberos authentication, I want to change the code as little as possible and pass the mod_auth_gssapi intermediate proxy Kerberos authentication.

[simo5]

I am not familiar with Kafka, so I do not know what your setup may look like. From an authentication pov modauthgssapi behaves like any other Apache HTTPD auth plugin. It can set a REMOTE_USER variable, and a few others. So it will depend on your runtime if it can recognize authentication based on httpd env vars or not. If you do this then you do not need GSSAPI authentication in your application at all, as it will be resolved at the HTTPD level.