[ https://issues.apache.org/jira/browse/KAFKA-15472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17766277#comment-17766277 ]
RivenSun commented on KAFKA-15472: ---------------------------------- close this ticket... I found KAFKA-14084 at https://archive.apache.org/dist/kafka/3.5.0/RELEASE_NOTES.html. I think we should declare this in a more obvious place, such as here [https://kafka.apache.org/documentation/#upgrade_350_notable] [~pprovenzano] [~cmccabe] Thanks > Kraft broker does not seem to support sasl/scram authentication > --------------------------------------------------------------- > > Key: KAFKA-15472 > URL: https://issues.apache.org/jira/browse/KAFKA-15472 > Project: Kafka > Issue Type: Bug > Components: security > Affects Versions: 3.4.1 > Reporter: RivenSun > Priority: Major > > kafka server&client version: 3.4.1 > server.properties > > {code:java} > #controller communicate config > sasl.mechanism.controller.protocol=PLAIN > #broker communicate config > #security.inter.broker.protocol=SASL_PLAINTEXT > inter.broker.listener.name=INTERNAL_SSL > sasl.mechanism.inter.broker.protocol=PLAIN > #sasl authentication config > sasl.kerberos.service.name=kafka > sasl.enabled.mechanisms=PLAIN,SCRAM-SHA-256,SCRAM-SHA-512,GSSAPI,OAUTHBEARER > {code} > > kafkaClient test code > > {code:java} > AdminClient adminClient = AdminClient.create(props); > try { > UserScramCredentialUpsertion credentialUpsertion = new > UserScramCredentialUpsertion("test", > new ScramCredentialInfo(ScramMechanism.SCRAM_SHA_256, > 4096),"test"); > > adminClient.alterUserScramCredentials(Collections.singletonList(credentialUpsertion)).all().get(); > Set<String> users = > adminClient.describeUserScramCredentials(Collections.singletonList("test")).all().get().keySet(); > System.out.println(users); > Collection<Node> nodes = adminClient.describeCluster().nodes().get(); > System.out.println(nodes); > } catch (Exception e) { > System.out.println(e.toString()); > LOG.error("failed", e); > } finally { > adminClient.close(); > } {code} > > > error log > > {code:java} > [main] INFO org.apache.kafka.common.security.authenticator.AbstractLogin - > Successfully logged in. > [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka version: 3.4.1 > [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka commitId: > 8a516edc2755df89 > [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka startTimeMs: > 1695024285450 > Disconnected from the target VM, address: '127.0.0.1:52962', transport: > 'socket' > java.util.concurrent.ExecutionException: > org.apache.kafka.common.errors.UnsupportedVersionException: The broker does > not support ALTER_USER_SCRAM_CREDENTIALS > [main] ERROR us.zoom.mq.examples.AdminClientTest - failed > java.util.concurrent.ExecutionException: > org.apache.kafka.common.errors.UnsupportedVersionException: The broker does > not support ALTER_USER_SCRAM_CREDENTIALS > at > java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396) > at > java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2073) > at > org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165) > at us.zoom.mq.examples.AdminClientTest.main(AdminClientTest.java:50) > Caused by: org.apache.kafka.common.errors.UnsupportedVersionException: The > broker does not support ALTER_USER_SCRAM_CREDENTIALS > [kafka-admin-client-thread | adminclient-1] INFO > org.apache.kafka.common.utils.AppInfoParser - App info kafka.admin.client for > adminclient-1 unregistered > [kafka-admin-client-thread | adminclient-1] INFO > org.apache.kafka.common.metrics.Metrics - Metrics scheduler closed > [kafka-admin-client-thread | adminclient-1] INFO > org.apache.kafka.common.metrics.Metrics - Closing reporter > org.apache.kafka.common.metrics.JmxReporter > [kafka-admin-client-thread | adminclient-1] INFO > org.apache.kafka.common.metrics.Metrics - Metrics reporters closed {code} > When executing the adminClient.describeUserScramCredentials method, an error > will also be reported: java.util.concurrent.ExecutionException: > {code:java} > org.apache.kafka.common.errors.UnsupportedVersionException: The broker does > not support DESCRIBE_USER_SCRAM_CREDENTIALS{code} > > In Kafka's official website, > https://kafka.apache.org/documentation/#kraft_missing > I didn't see that Kraft does not support sasl/scram. > But when I read the sasl/scram chapter, I found that zookeeper is still used > to introduce the scram authentication mechanism. > https://kafka.apache.org/documentation/#security_sasl_scram > > > -- This message was sent by Atlassian Jira (v8.20.10#820010)