2 years ago
#49624
Rupesh Nayak
Getting SASL kerberos error in Kafka when starting the kafka broker
I am trying to enable kerberos authentication in kafka server .Please find the configurations mention below I am using below config for zookeeper jaas config
Getting below error during kafka startup:
[2022-01-14 09:51:21,405] ERROR An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)]) occurred when evaluating Zookeeper Quorum Member's received SASL token. This may be caused by Java's being unable to resolve the Zookeeper Quorum Member's hostname correctly. You may want to try to adding '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your client's JVMFLAGS environment. Zookeeper Client will go to AUTH_FAILED state. (org.apache.zookeeper.client.ZooKeeperSaslClient)
[2022-01-14 09:51:21,405] ERROR SASL authentication with Zookeeper Quorum member failed. (org.apache.zookeeper.ClientCnxn)
javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)]) occurred when evaluating Zookeeper Quorum Member's received SASL token. This may be caused by Java's being unable to resolve the Zookeeper Quorum Member's hostname correctly. You may want to try to adding '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your client's JVMFLAGS environment. Zookeeper Client will go to AUTH_FAILED state. [Caused by java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)]]
I'm trying to tackle a kerberos config as shown above .Not sure why unable to understand how it works after configuration
zookeerper config :-
Server{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=True
keyTab="/home/apps/JioMhere/KAFKA_NEW/keytab_files/kafkast1.user.keytab"
storeKey=true
useTicketCache=false
principal="kafkast/10.135.128.156@ST.JIOCONNECT.COM";
};
Kafka server is as below:
KafkaClient{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=True
keyTab="/home/apps/JioMhere/KAFKA_NEW/keytab_files/kafkast1.user.keytab"
storeKey=true
useTicketCache=false
principal="kafkast/10.135.128.156@ST.JIOCONNECT.COM";
};
java
spring
apache-kafka
kerberos
0 Answers
Your Answer