[ https://issues.apache.org/jira/browse/KAFKA-12530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
kaushik srinivas updated KAFKA-12530: ------------------------------------- Description: We are trying to use kafka-configs script to modify the sasl jaas configurations, but unable to do so. Command used: ./kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config 'sasl.jaas.config=KafkaServer \{\n org.apache.kafka.common.security.plain.PlainLoginModule required \n username=\"test\" \n password=\"test\"; \n };' error: requirement failed: Invalid entity config: all configs to be added must be in the format "key=val". command 2: kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config 'sasl.jaas.config=[username=test,password=test]' output: command does not return , but kafka broker logs below error: DEBUG", "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", "time":"2021-03-23T08:29:00.946", "timezone":"UTC", "log":\{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2 - org.apache.kafka.common.security.authenticator.SaslServerAuthenticator - Set SASL server state to FAILED during authentication"}} {"type":"log", "host":"kf-kaudynamic-0", "level":"INFO", "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", "time":"2021-03-23T08:29:00.946", "timezone":"UTC", "log":{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2 - org.apache.kafka.common.network.Selector - [SocketServer brokerId=1001] Failed authentication with /127.0.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.)"}} We have below issues: 1. If one installs kafka broker with SASL mechanism and wants to change the SASL jaas config via kafka-configs scripts, how is it supposed to be done ? Is one supposed to provide kafka-configs script credentials to get authenticated with kafka broker ? does kafka-configs needs client credentials to do the same ? 2. Can anyone point us to example commands of kafka-configs to alter the sasl.jaas.config property of kafka broker. We do not see any documentation or examples for the same. was: We are trying to use kafka-configs script to modify the sasl jaas configurations, but unable to do so. Command used: ./kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config 'sasl.jaas.config=KafkaServer \{\n org.apache.kafka.common.security.plain.PlainLoginModule required \n username=\"test\" \n password=\"test\"; \n };' error: requirement failed: Invalid entity config: all configs to be added must be in the format "key=val". command 2: kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config 'sasl.jaas.config=[username=test,password=test]' output: command does not return , but kafka broker logs below error: DEBUG", "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", "time":"2021-03-23T08:29:00.946", "timezone":"UTC", "log":\{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2 - org.apache.kafka.common.security.authenticator.SaslServerAuthenticator - Set SASL server state to FAILED during authentication"}} {"type":"log", "host":"kf-kaudynamic-0", "level":"INFO", "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", "time":"2021-03-23T08:29:00.946", "timezone":"UTC", "log":\{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2 - org.apache.kafka.common.network.Selector - [SocketServer brokerId=1001] Failed authentication with /127.0.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.)"}} We have below issues: 1. If one installs kafka broker with SASL mechanism and wants to change the SASL jaas config via kafka-configs scripts, how is it supposed to be done ? does kafka-configs needs client credentials to do the same ? 2. Can anyone point us to example commands of kafka-configs to alter the sasl.jaas.config property of kafka broker. We do not see any documentation or examples for the same. > kafka-configs.sh does not work while changing the sasl jaas configurations. > --------------------------------------------------------------------------- > > Key: KAFKA-12530 > URL: https://issues.apache.org/jira/browse/KAFKA-12530 > Project: Kafka > Issue Type: Bug > Reporter: kaushik srinivas > Priority: Major > > We are trying to use kafka-configs script to modify the sasl jaas > configurations, but unable to do so. > Command used: > ./kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers > --entity-name 59 --alter --add-config 'sasl.jaas.config=KafkaServer \{\n > org.apache.kafka.common.security.plain.PlainLoginModule required \n > username=\"test\" \n password=\"test\"; \n };' > error: > requirement failed: Invalid entity config: all configs to be added must be in > the format "key=val". > command 2: > kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers > --entity-name 59 --alter --add-config > 'sasl.jaas.config=[username=test,password=test]' > output: > command does not return , but kafka broker logs below error: > DEBUG", "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", > "time":"2021-03-23T08:29:00.946", "timezone":"UTC", > "log":\{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2 > - org.apache.kafka.common.security.authenticator.SaslServerAuthenticator - > Set SASL server state to FAILED during authentication"}} > {"type":"log", "host":"kf-kaudynamic-0", "level":"INFO", > "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", > "time":"2021-03-23T08:29:00.946", "timezone":"UTC", > "log":{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2 > - org.apache.kafka.common.network.Selector - [SocketServer brokerId=1001] > Failed authentication with /127.0.0.1 (Unexpected Kafka request of type > METADATA during SASL handshake.)"}} > We have below issues: > 1. If one installs kafka broker with SASL mechanism and wants to change the > SASL jaas config via kafka-configs scripts, how is it supposed to be done ? > Is one supposed to provide kafka-configs script credentials to get > authenticated with kafka broker ? > does kafka-configs needs client credentials to do the same ? > 2. Can anyone point us to example commands of kafka-configs to alter the > sasl.jaas.config property of kafka broker. We do not see any documentation or > examples for the same. -- This message was sent by Atlassian Jira (v8.3.4#803005)