Thanks for the response Gerrit! It seems like authorization has the same behavior. Have you experienced that as well?
On Thu, Jan 19, 2017 at 11:48 AM, Gerrit Jansen van Vuuren < gerrit...@gmail.com> wrote: > Hi, > > I've added kerberos support for https://github.com/gerritjvv/kafka-fast > and > have seen that the kafka brokers do not send any response if the SASL > authentication is not correct or accepted, thus causing the client to hang > while waiting for a response from kafka. > > Some things that might help to debug: > > - kafka 0.9's SASL auth is in-compatible with 0.10 and not using the > correct version will cause the kafka client to hang. > - use -Dsun.security.krb5.debug=true and > -Djava.security.debug=gssloginconfig,configfile,configparser,logincontext > to see debug info about what's going on. > > > Some reading material can be found at: > https://github.com/gerritjvv/kafka-fast/blob/master/kafka-clj/Kerberos.md > > and if you want to see or need for testing a vagrant env with kerberos + > kafka configured see > https://github.com/gerritjvv/kafka-fast/blob/master/kafka- > clj/doc/vagrant.md > > > > > On Thu, Jan 19, 2017 at 7:37 PM, Christian <engr...@gmail.com> wrote: > > > I have successfully gotten SASL_PLAINTEXT configured on Kafka cluster. We > > implemented our own LoginModule and Server with the following caveat > that I > > am guessing I am doing something wrong. > > > > The LoginModule's login method acquires a session id from an internal > > security system and populates the subject with the relevant information. > In > > the server evaluateResponse we then validate that session. On success, > > everything is great. However, when the evaulateResponse returns with a > > failure (throws an exception), the producer client just hangs when > sending > > a message until the configured timeout occurs. Interestingly enough, we > see > > the evaulateResponse method is getting called about every second until > the > > the producer client finally times out. > > > > We get this same behavior when using the PlainLoginModule provided with > > Kafka after changing the password on the client side to something > different > > from the server side. > > > > Is this expected behavior? > > > > Thanks, > > Christian > > >