[
https://issues.apache.org/jira/browse/KAFKA-6198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ronald van de Kuil resolved KAFKA-6198.
---------------------------------------
Resolution: Fixed
> kerberos login fails
> --------------------
>
> Key: KAFKA-6198
> URL: https://issues.apache.org/jira/browse/KAFKA-6198
> Project: Kafka
> Issue Type: Test
> Components: clients
> Affects Versions: 0.11.0.1
> Environment: raspberrypi
> Reporter: Ronald van de Kuil
> Priority: Minor
>
> I got very far with setting up kerberos on the raspberry pi as part of self
> study.
> I believe that the kafka server is happy with kerberos:
> [2017-11-10 12:17:51,659] INFO Successfully authenticated client:
> authenticationID=kafka/[email protected];
> authorizationID=kafka/[email protected].
> (org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler)
> [2017-11-10 12:17:51,661] INFO Setting authorizedID: kafka
> (org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler)
> I have setup the kafka.security.auth.SimpleAclAuthorizer
> And granted the following access:
> Current ACLs for resource `Topic:kerberos-topic`:
> User:producer has Allow permission for operations: Describe from hosts:
> *
> User:producer has Allow permission for operations: Write from hosts: *
> User:[email protected] has Allow permission for operations: Describe
> from hosts: *
> User:[email protected] has Allow permission for operations: Write
> from hosts: *
> When I start the client, then I see it getting the kerberos ticket:
> [main] INFO org.apache.kafka.common.security.authenticator.AbstractLogin -
> Successfully logged in.
> [[email protected]] INFO
> org.apache.kafka.common.security.kerberos.KerberosLogin -
> [[email protected]]: TGT refresh thread started.
> [[email protected]] INFO
> org.apache.kafka.common.security.kerberos.KerberosLogin -
> [[email protected]]: TGT valid starting at: Fri Nov 10 12:50:11
> CET 2017
> [[email protected]] INFO
> org.apache.kafka.common.security.kerberos.KerberosLogin -
> [[email protected]]: TGT expires: Fri Nov 10 22:50:11 CET 2017
> [[email protected]] INFO
> org.apache.kafka.common.security.kerberos.KerberosLogin -
> [[email protected]]: TGT refresh sleeping until: Fri Nov 10
> 21:13:37 CET 2017
> But the client fails to login:
> [kafka-producer-network-thread | producer-1] WARN
> org.apache.kafka.clients.NetworkClient - Connection to node -1 terminated
> during authentication. This may indicate that authentication failed due to
> invalid credentials.
> I do not see any warnings in the logs, so I do not have much to go on.
> What can I do to get my finger behind this issue?
> Thank you,
> Ronald - the NOOB
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
