[
https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17147519#comment-17147519
]
rujia commented on RANGER-2810:
-------------------------------
this problem is caused by kafka run witout core-site.xml, and then kakfa-plugin
add OS user to principal list of subject, when the server principal expired,
the os user will be remove and append to the principal list, the OS user will
be the fiest one, and then will cause GSSAPI error then do connection
> Kafka with Ranger plugin will fail
> ----------------------------------
>
> Key: RANGER-2810
> URL: https://issues.apache.org/jira/browse/RANGER-2810
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: master, 2.0.0, 2.1.0
> Environment: CentOS Linux release 7.6.1810 (Core)
> Ranger 2.0.0
> Reporter: bright.zhou
> Assignee: Pradeep Agrawal
> Priority: Blocker
> Attachments: image-2020-06-15-14-46-53-528.png
>
>
> We use Ranger plugin to admin acls of Kafka cluster. At first , everything is
> ok, but after 10h+ of kafka start, there is something wrong occured, we can
> see error log in kafka-root.log, the error log is `Authentication failed
> during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ
> name protocol error: xxxxx `。To solve this we had to restart Kafka, It's so
> strange that if i change `authorizer.class.name` to
> `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger
> is related with acls and not related with SASL authentication,so i want to
> ask for help.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
