Merge pull request #227717 from sreekzz/patch-140

Modified Code block for Kafka 2.1

Author: Maggiemouse1

articles/hdinsight/kafka/apache-esp-kafka-ssl-encryption-authentication.md

@@ -4,7 +4,7 @@ description: Set up TLS encryption for communication between Kafka clients and K
 ms.service: hdinsight
 ms.topic: how-to
 ms.custom: hdinsightactive
-ms.date: 02/14/2023
+ms.date: 02/17/2023
 ---
 
 # Set up TLS encryption and authentication for ESP Apache Kafka cluster in Azure HDInsight
@@ -201,7 +201,7 @@ These steps are detailed in the following code snippets.
     keytool -keystore kafka.client.keystore.jks -alias CARoot -import -file ca-cert -storepass "MyClientPassword123" -keypass "MyClientPassword123" -noprompt
     ```
 
-1. Create the file `client-ssl-auth.properties` on client machine (hn1) . It should have the following lines:
+1. Create the file `client-ssl-auth.properties` on client machine (hn1). It should have the following lines:
 
     ```config
     security.protocol=SASL_SSL
@@ -316,23 +316,49 @@ Run these steps on the client machine.
 
 ### Kafka 2.1 or above
 
-1. Create a topic if it doesn't exist already.
+> [!Note]
+> Below commands will work if you are either using Kafka user or a custom user which have access to do CRUD operation.
 
-    ```bash
-    /usr/hdp/current/kafka-broker/bin/kafka-topics.sh --zookeeper <ZOOKEEPER_NODE>:2181 --create --topic topic1 --partitions 2 --replication-factor 2
-    ```
+:::image type="content" source="./media/apache-esp-kafka-ssl-encryption-authentication/access-to-crud-operation.png" alt-text="Screenshot showing how to provide access CRUD operations." border="true":::
 
-1. Start console producer and provide the path to `client-ssl-auth.properties` as a configuration file for the producer.
+Using Command Line Tool
 
-    ```bash
-    /usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh --broker-list <FQDN_WORKER_NODE>:9093 --topic topic1 --producer.config ~/ssl/client-ssl-auth.properties
-    ```
+1. Create a topic if it doesn't exist already.
+
+   ```bash
+   sudo su kafka –c "/usr/hdp/current/kafka-broker/bin/kafka-topics.sh --zookeeper <ZOOKEEPER_NODE>:2181 --create --topic topic1 --partitions 2 --replication-factor 2"
+   ```
+   To use a keytab, create a JAAS file with the following content. Be sure to point the keyTab property to your keytab file and reference the principal used inside the keytab. Following is a sample JAAS file created and placed in the location in VM: **/home/hdiuser/kafka_client_jaas_keytab.conf**
+   
+   ```
+   KafkaClient { 
+      com.sun.security.auth.module.Krb5LoginModule required
+      useKeyTab=true
+      storeKey=true
+      keyTab="/home/hdiuser/espkafkauser.keytab"
+      principal="[email protected]";
+   };
+   ```
+      
+1. Start console producer and provide the path to `client-ssl-auth.properties` as a configuration file for the producer.
 
+   ```bash
+    export KAFKA_OPTS="-Djava.security.auth.login.config=/home/hdiuser/kafka_client_jaas_keytab.conf"
+    
+   /usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh --broker-list <FQDN_WORKER_NODE>:9093 --topic topic1 --producer.config ~/ssl/client-ssl-auth.properties
+   ```
+   
 1. Open another ssh connection to client machine and  start console consumer and provide the path to `client-ssl-auth.properties` as a configuration file for the consumer.
 
-    ```bash
-    /usr/hdp/current/kafka-broker/bin/kafka-console-consumer.sh --bootstrap-server <FQDN_WORKER_NODE>:9093 --topic topic1 --consumer.config ~/ssl/client-ssl-auth.properties --from-beginning
-    ```
+   ```bash
+   export KAFKA_OPTS="-Djava.security.auth.login.config=/home/hdiuser/kafka_client_jaas_keytab.conf"
+    
+   /usr/hdp/current/kafka-broker/bin/kafka-console-consumer.sh --bootstrap-server <FQDN_WORKER_NODE>:9093 --topic topic1 --consumer.config ~/ssl/client-ssl-auth.properties --from-beginning
+   ```
+   
+If you want to use Java client to do CRUD operations, then use following GitHub repository.
+
+https://github.com/Azure-Samples/hdinsight-kafka-java-get-started/tree/main/DomainJoined-Producer-Consumer-With-TLS
 
 ## Next steps