RivenSun created KAFKA-15472: -------------------------------- Summary: Kraft broker does not seem to support sasl/scram authentication Key: KAFKA-15472 URL: https://issues.apache.org/jira/browse/KAFKA-15472 Project: Kafka Issue Type: Bug Components: security Affects Versions: 3.4.1 Reporter: RivenSun
kafka server&client version: 3.4.1 server.properties {code:java} #controller communicate config sasl.mechanism.controller.protocol=PLAIN #broker communicate config #security.inter.broker.protocol=SASL_PLAINTEXT inter.broker.listener.name=INTERNAL_SSL sasl.mechanism.inter.broker.protocol=PLAIN #sasl authentication config sasl.kerberos.service.name=kafka sasl.enabled.mechanisms=PLAIN,SCRAM-SHA-256,SCRAM-SHA-512,GSSAPI,OAUTHBEARER {code} kafkaClient test code {code:java} AdminClient adminClient = AdminClient.create(props); try { UserScramCredentialUpsertion credentialUpsertion = new UserScramCredentialUpsertion("test", new ScramCredentialInfo(ScramMechanism.SCRAM_SHA_256, 4096),"test"); adminClient.alterUserScramCredentials(Collections.singletonList(credentialUpsertion)).all().get(); Set<String> users = adminClient.describeUserScramCredentials(Collections.singletonList("test")).all().get().keySet(); System.out.println(users); Collection<Node> nodes = adminClient.describeCluster().nodes().get(); System.out.println(nodes); } catch (Exception e) { System.out.println(e.toString()); LOG.error("failed", e); } finally { adminClient.close(); } {code} error log {code:java} [main] INFO org.apache.kafka.common.security.authenticator.AbstractLogin - Successfully logged in. [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka version: 3.4.1 [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka commitId: 8a516edc2755df89 [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1695024285450 Disconnected from the target VM, address: '127.0.0.1:52962', transport: 'socket' java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.UnsupportedVersionException: The broker does not support ALTER_USER_SCRAM_CREDENTIALS [main] ERROR us.zoom.mq.examples.AdminClientTest - failed java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.UnsupportedVersionException: The broker does not support ALTER_USER_SCRAM_CREDENTIALS at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396) at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2073) at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165) at us.zoom.mq.examples.AdminClientTest.main(AdminClientTest.java:50) Caused by: org.apache.kafka.common.errors.UnsupportedVersionException: The broker does not support ALTER_USER_SCRAM_CREDENTIALS [kafka-admin-client-thread | adminclient-1] INFO org.apache.kafka.common.utils.AppInfoParser - App info kafka.admin.client for adminclient-1 unregistered [kafka-admin-client-thread | adminclient-1] INFO org.apache.kafka.common.metrics.Metrics - Metrics scheduler closed [kafka-admin-client-thread | adminclient-1] INFO org.apache.kafka.common.metrics.Metrics - Closing reporter org.apache.kafka.common.metrics.JmxReporter [kafka-admin-client-thread | adminclient-1] INFO org.apache.kafka.common.metrics.Metrics - Metrics reporters closed {code} When executing the adminClient.describeUserScramCredentials method, an error will also be reported: java.util.concurrent.ExecutionException: {code:java} org.apache.kafka.common.errors.UnsupportedVersionException: The broker does not support DESCRIBE_USER_SCRAM_CREDENTIALS{code} In Kafka's official website, https://kafka.apache.org/documentation/#kraft_missing I didn't see that Kraft does not support sasl/scram. But when I read the sasl/scram chapter, I found that zookeeper is still used to introduce the scram authentication mechanism. https://kafka.apache.org/documentation/#security_sasl_scram -- This message was sent by Atlassian Jira (v8.20.10#820010)