[
https://issues.apache.org/jira/browse/KAFKA-2731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14987487#comment-14987487
]
Flavio Junqueira commented on KAFKA-2731:
-----------------------------------------
[~mabbasi90.class] You also need to configure the zookeeper ensemble. You'll
need a section for the server that looks like this:
{noformat}
Server {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="/etc/zookeeper/conf/zookeeper.keytab"
    storeKey=true
    useTicketCache=false
    principal="zookeeper/fully.qualified.domain.name@<YOUR-REALM>";
};
{noformat}
> Kerberos on same host with Kafka does not find server in it's database on
> Ubuntu
> --------------------------------------------------------------------------------
>
> Key: KAFKA-2731
> URL: https://issues.apache.org/jira/browse/KAFKA-2731
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 0.9.0.0
> Reporter: Mohammad Abbasi
>
> Configuring Kafka to use keytab created in Kerberos, as it's said in
> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61326390,
> Kerberos logs:
> Nov 02 17:25:13 myhost krb5kdc[3307](info): TGS_REQ (5 etypes {17 16 23 1 3})
> 192.168.18.241: LOOKING_UP_SERVER: authtime 0, kafka/[email protected] for
> <unknown server>, Server not found in Kerberos database
> Kafka's log:
> SASL Connection info:
> [2015-11-03 18:33:00,544] DEBUG creating sasl client:
> client=kafka/[email protected];service=zookeeper;serviceHostname=myhost
> (org.apache.zookeeper.client.ZooKeeperSaslClient)
> and error:
> [2015-11-03 18:33:00,607] ERROR An error:
> (java.security.PrivilegedActionException: javax.security.sasl.SaslException:
> GSS initiate failed [Caused by GSSException: No valid credentials provided
> (Mechanism level: Server not found in Kerberos database (7) -
> LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's
> received SASL token. Zookeeper Client will go to AUTH_FAILED state.
> (org.apache.zookeeper.client.ZooKeeperSaslClient)
> [2015-11-03 18:33:00,607] ERROR SASL authentication with Zookeeper Quorum
> member failed: javax.security.sasl.SaslException: An error:
> (java.security.PrivilegedActionException: javax.security.sasl.SaslException:
> GSS initiate failed [Caused by GSSException: No valid credentials provided
> (Mechanism level: Server not found in Kerberos database (7) -
> LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's
> received SASL token. Zookeeper Client will go to AUTH_FAILED state.
> (org.apache.zookeeper.ClientCnxn)
> Kerberos works ok in kinit and kvno with the keytab.
> Some people said it's DNS or /etc/hosts problem, but nslookup was ok with ip
> and hostname
> and /etc/hosts is:
> 127.0.0.1 myhost localhost
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> I tested it with the host's ip too.
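An added diagnostic sketch, not part of the ticket or of Kafka/ZooKeeper: it compares the service principal implied by the `creating sasl client` debug line with the `principal` of a JAAS `Server` section like the one in the comment. It assumes the client asks the KDC for `service/serviceHostname`; the realm `EXAMPLE.COM` and the client principal in the sample log line are constructed placeholders.

```python
import re
# Constructed inputs modelled on the ticket. EXAMPLE.COM and the client
# principal kafka/myhost are placeholders, not values from the page.
JAAS = '''
Server {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="/etc/zookeeper/conf/zookeeper.keytab"
    storeKey=true
    useTicketCache=false
    principal="zookeeper/fully.qualified.domain.name@EXAMPLE.COM";
};
'''
LOG = ("[2015-11-03 18:33:00,544] DEBUG creating sasl client: "
       "client=kafka/myhost@EXAMPLE.COM;service=zookeeper;serviceHostname=myhost "
       "(org.apache.zookeeper.client.ZooKeeperSaslClient)")

def jaas_options(text, section):
    """Return the key=value options of one JAAS section, or None if it is absent."""
    m = re.search(r'\b%s\s*\{(.*?)\}\s*;' % re.escape(section), text, re.S)
    if not m:
        return None
    pairs = re.findall(r'(\w+)\s*=\s*("[^"]*"|[^\s;]+)', m.group(1))
    return {key: value.strip('"') for key, value in pairs}

def requested_spn(log_line):
    """Service principal (realm omitted) implied by the sasl client debug line."""
    m = re.search(r'service=([^;\s]+);serviceHostname=(\S+)', log_line)
    return "%s/%s" % m.groups() if m else None

def check(jaas_text, log_line):
    """List mismatches between the requested SPN and the Server principal."""
    opts = jaas_options(jaas_text, "Server")
    want = requested_spn(log_line)
    if opts is None:
        return ["no Server section in the JAAS file"]
    if want is None:
        return ["no 'creating sasl client' line to compare against"]
    have = opts.get("principal", "").split("@")[0]
    host = want.split("/", 1)[1]
    findings = []
    if have != want:
        findings.append("client requests %s but Server principal is %s" % (want, have))
    if "." not in host:
        findings.append("serviceHostname %r is a short name, not an FQDN" % host)
    return findings

if __name__ == "__main__":
    print("\n".join(check(JAAS, LOG)) or "principals match")
```

A mismatch reported here means the KDC is being asked for a principal other than the one in the ZooKeeper keytab, which is what `LOOKING_UP_SERVER` with `<unknown server>` in the KDC log points to.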