Mohit Anchlia created KAFKA-3090:
------------------------------------
Summary: Zookeeper disconnects with "can't find default realm"
message
Key: KAFKA-3090
URL: https://issues.apache.org/jira/browse/KAFKA-3090
Project: Kafka
Issue Type: Bug
Components: security
Environment: RHEL 6
Reporter: Mohit Anchlia
Server disconnects from the zookeeper with the following log. It appears that
it can't determine the realm even though the setup I performed looks ok.
In here find the list of principals, logs and Jaas file:
1) Jaas file
KafkaServer {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/mnt/kafka/kafka/kafka.keytab"
principal="kafka/10.24.251....@example.com";
};
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/mnt/kafka/kafka/kafka.keytab"
principal="kafka/10.24.251....@example.com";
};
2) Principles from krb admin
kadmin.local: list_principals
K/m...@example.com
kadmin/ad...@example.com
kadmin/chang...@example.com
kadmin/ip-10-24-251-175.us-west-2.compute.inter...@example.com
kafka/10.24.251....@example.com
krbtgt/example....@example.com
3) [2016-01-12 14:53:13,132] WARN SASL configuration failed:
javax.security.auth.login.LoginException: Cannot locate default realm Will
continue connection to Zookeeper server without SASL authentication, if
Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
[2016-01-12 14:53:13,134] INFO Opening socket connection to server
localhost/127.0.0.1:2181 (org.apache.zookeeper.ClientCnxn)
[2016-01-12 14:53:13,134] INFO zookeeper state changed (AuthFailed)
(org.I0Itec.zkclient.ZkClient)
[2016-01-12 14:53:13,139] INFO Accepted socket connection from /127.0.0.1:53028
(org.apache.zookeeper.server.NIOServerCnxnFactory)
[2016-01-12 14:53:13,139] INFO Socket connection established to
localhost/127.0.0.1:2181, initiating session (org.apache.zookeeper.ClientCnxn)
[2016-01-12 14:53:13,142] INFO Client attempting to establish new session at
/127.0.0.1:53028 (org.apache.zookeeper.server.ZooKeeperServer)
[2016-01-12 14:53:13,144] INFO Established session 0x152376012690001 with
negotiated timeout 6000 for client /127.0.0.1:53028
(org.apache.zookeeper.server.ZooKeeperServer)
[2016-01-12 14:53:13,146] INFO Session establishment complete on server
localhost/127.0.0.1:2181, sessionid = 0x152376012690001, negotiated timeout =
6000 (org.apache.zookeeper.ClientCnxn)
[2016-01-12 14:53:13,146] INFO zookeeper state changed (SyncConnected)
(org.I0Itec.zkclient.ZkClient)
[2016-01-12 14:53:19,087] INFO Terminate ZkClient event thread.
(org.I0Itec.zkclient.ZkEventThread)
[2016-01-12 14:53:19,088] INFO Processed session termination for sessionid:
0x152376012690001 (org.apache.zookeeper.server.PrepRequestProcessor)
[2016-01-12 14:53:19,089] INFO Session: 0x152376012690001 closed
(org.apache.zookeeper.ZooKeeper)
[2016-01-12 14:53:19,089] INFO EventThread shut down
(org.apache.zookeeper.ClientCnxn)
[2016-01-12 14:53:19,089] INFO Closed socket connection for client
/127.0.0.1:53028 which had sessionid 0x152376012690001
(org.apache.zookeeper.server.NIOServerCnxn)
[2016-01-12 14:53:19,090] FATAL Fatal error during KafkaServer startup. Prepare
to shutdown (kafka.server.KafkaServer)
org.I0Itec.zkclient.exception.ZkTimeoutException: Unable to connect to
zookeeper server within timeout: 6000
at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1223)
at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:155)
at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:129)
at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:89)
at kafka.utils.ZkUtils$.apply(ZkUtils.scala:71)
at kafka.server.KafkaServer.initZk(KafkaServer.scala:278)
at kafka.server.KafkaServer.startup(KafkaServer.scala:168)
at
kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37)
at kafka.Kafka$.main(Kafka.scala:67)
at kafka.Kafka.main(Kafka.scala)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
